General

  • Target

    FluxLora.zip

  • Size

    26KB

  • Sample

    240620-ce4qsssepf

  • MD5

    382a44b408a514fe3ab338a5e3d8b374

  • SHA1

    5ba5888436ff907fcf76f9bcf47e6da317ad99f7

  • SHA256

    b5af0bc161225e2ec1e0161d4a38af0b30f13a6e9e91f4ed3bc64de4e7940281

  • SHA512

    8bc06dc0cf21a5da05d7d08354f04b64f9a411597ddcfdbc5d5063afdbb7e0ca60b24d20fb7b06ec75a03f8fdea9790b0bd92fd04ff013062038c55cd9b1a92f

  • SSDEEP

    768:k00cW6Wu1wpyLBAFoYmBrQgqyK3yeEfoCQWUm:k7cWju1pLBA6nmf3yenCQs

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6700

Mutex

4Et0bdTVvRcT

Attributes
  • delay

    3

  • install

    true

  • install_file

    FluxusV2.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      FluxLora.zip

    • Size

      26KB

    • MD5

      382a44b408a514fe3ab338a5e3d8b374

    • SHA1

      5ba5888436ff907fcf76f9bcf47e6da317ad99f7

    • SHA256

      b5af0bc161225e2ec1e0161d4a38af0b30f13a6e9e91f4ed3bc64de4e7940281

    • SHA512

      8bc06dc0cf21a5da05d7d08354f04b64f9a411597ddcfdbc5d5063afdbb7e0ca60b24d20fb7b06ec75a03f8fdea9790b0bd92fd04ff013062038c55cd9b1a92f

    • SSDEEP

      768:k00cW6Wu1wpyLBAFoYmBrQgqyK3yeEfoCQWUm:k7cWju1pLBA6nmf3yenCQs

    Score
    1/10
    • Target

      FluxLoraV2/FluxLora.exe

    • Size

      48KB

    • MD5

      ace38670c00a34a910a1c5cb502f8f03

    • SHA1

      3bfa515b1b4af4cca5e4d603e427fc2ebc8d5047

    • SHA256

      0c3aa475f5ff4c8c2c271a27582f5480a29063d97006d5440c98409b3659fcbe

    • SHA512

      ff40dccab360baff86e2545e810f6969d22587b750a646a46546e593069bf1d5633a9e20a0534437fc909bfc2d58bb32f840c23b7e879f677c9fbd18a609e0bc

    • SSDEEP

      768:au2/0TckJ26WUsFvgmo2q7Dj/YlJ+4PIbwD9h5Dt40bQi45jeMSVLaza3ThwPClS:au2/0TceH27JCbwDr5DtzbQiIjeMqCPR

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Target

      FluxLoraV2/READ ME!!!!!!!!!!.txt

    • Size

      271B

    • MD5

      ad33b09e279104307ad3fc74801a5536

    • SHA1

      86ee048beb7feb0ceacffdd321c0890bfbd240c1

    • SHA256

      2b7eb313206ad20acc12888da322f271f84e4e183e4d3a3bdb6753eebc29f153

    • SHA512

      27786ee604725fcff266900699456a3fa1fc85e6fddabcb5a5ce262cb9846bd567e2d90e9e1f9f390e103af63ee3d1c21d64cb9b3a8d8ffc799f1ac438b26ba6

    Score
    1/10
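A worked example, added here and not part of the sandbox report, that turns the extracted AsyncRAT config above and the behaviours listed under Targets (dropped EXE executed, scheduled task, registry country-code lookup) into host-side checks a responder can run over endpoint telemetry. The event records are constructed in a Sysmon-like shape; the field names, the %AppData% root for the user `victim`, the schtasks command line and the `Geo\Nation` registry key are assumptions for illustration, not values taken from the report. One thing the config makes visible is that the C2 is 127.0.0.1:6700, a loopback address, so this build emits no outbound beacon to block; the mutex, the dropped path and the scheduled task are the usable indicators.

```python
"""Host-side indicator checks built from the extracted AsyncRAT config.

Added example, not code from the sandbox or from the malware. Telemetry is
constructed below in a Sysmon-like shape; field names, paths and the geofence
registry key are assumptions.
"""

# Values copied from the "Malware Config" section above.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.8",
    "c2": "127.0.0.1:6700",
    "mutex": "4Et0bdTVvRcT",
    "install": True,
    "install_file": "FluxusV2.exe",
    "install_folder": "%AppData%",
    "delay": 3,
}

# Assumed %AppData% root for the logged-in user; substitute the real one on a live host.
APPDATA = r"C:\Users\victim\AppData\Roaming"

# Constructed Sysmon-like events (assumption: shape and values are illustrative only).
EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\Desktop\FluxLoraV2\FluxLora.exe",
     "cmdline": "FluxLora.exe"},
    {"type": "registry_query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},  # assumed geofence lookup key
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Roaming\FluxusV2.exe"},
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /f /sc onlogon /rl highest /tn "FluxusV2" '
                r'/tr "C:\Users\victim\AppData\Roaming\FluxusV2.exe"'},
    {"type": "process", "image": r"C:\Users\victim\AppData\Roaming\FluxusV2.exe",
     "cmdline": "FluxusV2.exe"},
    {"type": "mutex", "name": "4Et0bdTVvRcT"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad READ ME!!!!!!!!!!.txt"},
]


def expected_install_path(config, appdata=APPDATA):
    """Resolve install_folder + install_file into the path the dropped copy lands at."""
    folder = config["install_folder"].replace("%AppData%", appdata)
    return folder.rstrip("\\") + "\\" + config["install_file"]


def c2_is_loopback(config):
    """True when the configured C2 host is loopback, i.e. no network IOC exists."""
    host = config["c2"].rsplit(":", 1)[0]
    return host.startswith("127.") or host == "localhost"


def network_iocs(config):
    """C2 endpoints worth blocking at the perimeter; loopback C2s are skipped."""
    return [] if c2_is_loopback(config) else [config["c2"]]


def match_events(events, config, appdata=APPDATA):
    """Return (event_index, reason) for every event tied to this sample's config."""
    install_path = expected_install_path(config, appdata).lower()
    hits = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "process" and ev["image"].lower() == install_path:
            hits.append((i, "executes dropped EXE from install_folder"))
        elif (kind == "process" and ev["image"].lower().endswith("schtasks.exe")
              and "/create" in ev["cmdline"].lower()
              and config["install_file"].lower() in ev["cmdline"].lower()):
            hits.append((i, "T1053.005 scheduled task pointing at install_file"))
        elif kind == "file_create" and ev["path"].lower() == install_path:
            hits.append((i, "drops install_file into install_folder"))
        elif kind == "mutex" and ev["name"] == config["mutex"]:
            hits.append((i, "AsyncRAT mutex from config"))
        elif kind == "registry_query" and ev["key"].lower().endswith(r"\geo\nation"):
            hits.append((i, "T1012 country-code lookup, likely geofence"))
    return hits


if __name__ == "__main__":
    print("expected dropped path:", expected_install_path(CONFIG))
    print("network IOCs to block:", network_iocs(CONFIG) or "none (loopback C2)")
    for idx, reason in match_events(EVENTS, CONFIG):
        print(f"event {idx}: {reason}")
```

The `install_folder` is expanded per user, so on a real fleet the path check must be run with each profile's AppData root rather than the single constant used here; the mutex and the `schtasks /create` command line referencing `FluxusV2.exe` do not depend on the user and are the more portable indicators.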

MITRE ATT&CK Matrix (ATT&CK v13)

Execution
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

Persistence
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

Privilege Escalation
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

Discovery
  Query Registry (T1012): 1
  System Information Discovery (T1082): 2

Tasks