Pikabot:
Curated IOCs

Pikabot's Key IOCs & Sandbox Analysis

Subscribe to our IOC Newsletter for the latest intelligence on Pikabot

Sample Hash VMRay Platform Report Link IOCs
7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e https://www.vmray.com/analyses/_vt/7d18e238febf/report/ioc.html 158[.]220[.]95[.]215
213[.]199[.]41[.]33
172[.]232[.]208[.]90
158[.]220[.]95[.]214
84[.]247[.]157[.]112
194[.]233[.]91[.]144
64[.]23[.]199[.]206
a7794d56213aa17da06c4104f97c3822f08f1c8e02b38ec0190e7812c2c76972 https://www.vmray.com/analyses/_vt/a7794d56213a/report/ioc.html 104[.]129[.]55[.]103
158[.]220[.]80[.]157
23[.]226[.]138[.]161
178[.]18[.]246[.]136
104[.]129[.]55[.]104
37[.]60[.]242[.]85
37[.]60[.]242[.]86
85[.]239[.]243[.]155
23[.]226[.]138[.]143
158[.]220[.]80[.]167
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf https://www.vmray.com/analyses/_vt/dd2b6e3aa75d/report/ioc.html 70[.]34[.]223[.]164
70[.]34[.]199[.]64
84[.]46[.]240[.]42
209[.]126[.]86[.]48
94[.]72[.]104[.]80
154[.]12[.]236[.]248
94[.]72[.]104[.]77
154[.]53[.]55[.]165
45[.]77[.]63[.]237
198[.]38[.]94[.]213
1137b149e0bced9e6700658b526bd7eb27f59e0850bef8ee843359d887f6f131 https://www.vmray.com/analyses/_vt/1137b149e0bc/report/ioc.html 86[.]38[.]225[.]106
185[.]179[.]217[.]216
104[.]129[.]55[.]105
37[.]60[.]242[.]86
141[.]95[.]106[.]106
89[.]117[.]23[.]185
37[.]60[.]242[.]85
89[.]117[.]23[.]34
37[.]60[.]242[.]85
89[.]117[.]23[.]34
57[.]128[.]165[.]176
178[.]18[.]246[.]136
20189932a66a55157b14df10855bb860a0d0f03822ba1c71b757fd10a6076099 https://www.vmray.com/analyses/_vt/20189932a66a/report/ioc.html 178[.]18[.]246[.]136
a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849 https://www.vmray.com/analyses/_vt/a06a36de9b35/report/ioc.html 23[.]226[.]138[.]161
148[.]113[.]141[.]220
109[.]199[.]99[.]131
154[.]12[.]233[.]66
145[.]239[.]135[.]24
178[.]18[.]246[.]136
37[.]60[.]242[.]85
89[.]117[.]23[.]34
141[.]95[.]106[.]106
57[.]128[.]165[.]176
9fdc1c2fc0708a8ce04f318ad50734a34102b5c103101880f458a6ca7cd87e19 https://www.vmray.com/analyses/_vt/9fdc1c2fc070/report/ioc.html 89[.]117[.]23[.]186
103[.]82[.]243[.]5
23[.]226[.]138[.]161
89[.]117[.]23[.]185
57[.]128[.]165[.]176
23[.]226[.]138[.]143
89[.]117[.]23[.]34
145[.]239[.]135[.]24
37[.]60[.]242[.]85
86[.]38[.]225[.]106
b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e https://www.vmray.com/analyses/_vt/b025e3761116/report/ioc.html 103[.]82[.]243[.]5
104[.]129[.]55[.]105
86[.]38[.]225[.]105
89[.]117[.]23[.]186
86[.]38[.]225[.]106
57[.]128[.]165[.]176
23[.]226[.]138[.]161
23[.]226[.]138[.]143
37[.]60[.]242[.]85
89[.]117[.]23[.]185
89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9 https://www.vmray.com/analyses/_vt/89dc50024836/report/ioc.html 57[.]128[.]165[.]176
86[.]38[.]225[.]106
178[.]18[.]246[.]136

Related Research from VMRay Labs

Why your EDR Let Pikabot Jump Through

In the latest blog from the VMRay Labs Team, we highlight Pikabot's techniques to evade EDR tools and sandboxes relying on hooking.

Signature and Detection Highlights – February 2024

New YARA rules and updated configuration extractors for malware
families including Pikabot and Lumma Stealer are covered.

Subscribe to our IOC Newsletter for the latest intelligence on Pikabot

Days
Hours
Minutes
Seconds

Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!