Overview

overview

7

Static

static

1

PIC18LF452...cs.exe

windows7-x64

7

PIC18LF452...cs.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    PIC18LF4520-IPT5100pcs.exe

  • Size

    997KB

  • Sample

    231011-y495rsdb43

  • MD5

    3ab3ce030ebeae34e16b5b0b82284fe5

  • SHA1

    6974c2adae0edffd0d4c1c881047210b829ddd99

  • SHA256

    e111297292c0c04be52043c05b689b170d42049b087cf3fe338d38c2e2b7b567

  • SHA512

    f7f1c434e13039536489a86ffb1d44ddf0d43b76976fe509a705754f44d22cd236e5bdc56d1f5d5cd94c0fd97cb31dd468b2a2a59d13c4857aab3afda239a5dc

  • SSDEEP

    12288:M0X6E4xuyPwGyZIF0XOd9YFepukc10zPsyozhzoF871oQbvKVTv:EE4xEMeqYkLPsjhzJOQbvKVb

Score
7/10

Malware Config

Targets

    • Target

      PIC18LF4520-IPT5100pcs.exe

    • Size

      997KB

    • MD5

      3ab3ce030ebeae34e16b5b0b82284fe5

    • SHA1

      6974c2adae0edffd0d4c1c881047210b829ddd99

    • SHA256

      e111297292c0c04be52043c05b689b170d42049b087cf3fe338d38c2e2b7b567

    • SHA512

      f7f1c434e13039536489a86ffb1d44ddf0d43b76976fe509a705754f44d22cd236e5bdc56d1f5d5cd94c0fd97cb31dd468b2a2a59d13c4857aab3afda239a5dc

    • SSDEEP

      12288:M0X6E4xuyPwGyZIF0XOd9YFepukc10zPsyozhzoF871oQbvKVTv:EE4xEMeqYkLPsjhzJOQbvKVb

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks