pikabot | pikabot

Resubmissions

22-06-2024 17:36

240622-v6w45swhkc 10

16-11-2023 07:55

231116-jr41nahf9v 3

15-11-2023 14:30

231115-rvbghsbd22 3

Sharing

Copy URL

Twitter E-mail

General

Target

pikabot
Size

306KB
MD5

a12001230dd6f5ca67f7935bcfdcd650
SHA1

fd39ca7366ca63f15a6e61e2cbda9195077a83b6
SHA256

39d6f7865949ae7bb846f56bff4f62a96d7277d2872fec68c09e1227e6db9206
SHA512

224d6c55953440d894d84787a88f6230964a9ec44f323dcdc49ebd9722cc5426719f36d202b586f408d0bd8d4e1502ba7edbb9037c500b1cab31242ada6bce91
SSDEEP

3072:engX9CnOMcKVtnEcoVzr4j0NnRT+JwMU3AWoeFE1YerPvbyg1ihk6kvtfGq0ev37:EZ7ZGVzr4jq5kJRwFE77arkR10efUKh

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

154.92.19.139:2222

149.248.53.65:2221

158.247.246.182:2226

154.221.30.136:13724

207.246.111.127:13786

154.61.75.156:2078

210.243.8.247:23399

Signatures

Detects PikaBot botnet 1 IoCs

Processes:

resource yara_rule

sample family_pikabot_v2
Pikabot family
pikabot
pikabot 1 IoCs
detect pikabot loader and core module.

Processes:

resource yara_rule

sample pikabot
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

pikabot

resource	yara_rule
sample	family_pikabot_v2

resource	yara_rule
sample	pikabot

resource
pikabot

Files

pikabot
.exe windows:6 windows x86 arch:x86

ee135a0ae39460bccfe6cbda12827ca2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLargePageMinimum
GetCurrentProcess
IsValidCodePage
GetSystemDefaultLangID

user32

AnyPopup
OpenIcon
GetMessageTime
GetTopWindow

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

ee135a0ae39460bccfe6cbda12827ca2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 7KB - Virtual size: 7KB