pikabot

General

Target

0a0e0d2f9daa0bad25c3defd69a3a6d96a6ac5f325a369761807c06887d3bd9f
Size

329KB
Sample

241026-pph83athmb
MD5

f1d0370f57f1dffbce1b665e45483da1
SHA1

5cf0a176fcb31e091099a3b661b4bd8eab418cf1
SHA256

0a0e0d2f9daa0bad25c3defd69a3a6d96a6ac5f325a369761807c06887d3bd9f
SHA512

660ba4fe4cbbf9286272054472c07cc041c3eeaa911d68ca0f45b398c202f379b74b2a2443bda6da163ec58ddfc97b615d97869265238d76f5f0b179d09a7a52
SSDEEP

6144:1ieAn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDX0:1Ra4qfA93BdTk3OeFXg3iDWo

Score

10^/10

Malware Config

Extracted

Family

pikabot

C2

https://45.76.251.190:5567

https://131.153.231.178:2221

https://95.179.135.3:2225

https://155.138.147.62:2223

https://86.38.225.109:13724

https://172.232.189.219:2224

https://198.44.187.12:2224

https://104.156.233.235:2226

https://103.82.243.5:13721

https://86.38.225.106:2221

https://45.32.248.100:2226

https://23.226.138.161:5242

https://37.60.242.85:9785

https://104.129.55.105:2223

https://45.32.21.184:5242

https://178.18.246.136:2078

https://108.61.78.17:13719

https://86.38.225.105:13721

https://172.232.189.10:1194

https://172.232.162.97:13719

Targets

- Target
  
  0a0e0d2f9daa0bad25c3defd69a3a6d96a6ac5f325a369761807c06887d3bd9f
- Size
  
  329KB
- MD5
  
  f1d0370f57f1dffbce1b665e45483da1
- SHA1
  
  5cf0a176fcb31e091099a3b661b4bd8eab418cf1
- SHA256
  
  0a0e0d2f9daa0bad25c3defd69a3a6d96a6ac5f325a369761807c06887d3bd9f
- SHA512
  
  660ba4fe4cbbf9286272054472c07cc041c3eeaa911d68ca0f45b398c202f379b74b2a2443bda6da163ec58ddfc97b615d97869265238d76f5f0b179d09a7a52
- SSDEEP
  
  6144:1ieAn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDX0:1Ra4qfA93BdTk3OeFXg3iDWo
Score

10^/10

discovery pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Pikabot family
  pikabot
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pikabot family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2