General

  • Target

    FluxLoraV2.zip

  • Size

    20.5MB

  • Sample

    240620-v9p51ateqq

  • MD5

    034e6e03682c07068f4aa310b21a9385

  • SHA1

    4539639e80cfe7264bab3d77cd0e88660ecd4b96

  • SHA256

    e2d0af9d4edc9c173093eef51a8869fff6a798d7ba912c620188807c91cb306a

  • SHA512

    c1428fe584f1c74b66a74c9bf2f424943b45335067dd899c107418518df2754873b184a182145f310aba09adc5043133a8eb44a7740110f45989711e2b6063d9

  • SSDEEP

    393216:x6Asd3zLBztGJFzGdIFS041BBygXqsxPgUhhalJGkIW2QCYHAr:xEdDLBRGTCIY041yUf9LNH

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6700

Mutex

4Et0bdTVvRcT

Attributes

  • delay

    3

  • install

    true

  • install_file

    FluxusV2.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      FluxLoraV2.zip

    • Size

      20.5MB

    • MD5

      034e6e03682c07068f4aa310b21a9385

    • SHA1

      4539639e80cfe7264bab3d77cd0e88660ecd4b96

    • SHA256

      e2d0af9d4edc9c173093eef51a8869fff6a798d7ba912c620188807c91cb306a

    • SHA512

      c1428fe584f1c74b66a74c9bf2f424943b45335067dd899c107418518df2754873b184a182145f310aba09adc5043133a8eb44a7740110f45989711e2b6063d9

    • SSDEEP

      393216:x6Asd3zLBztGJFzGdIFS041BBygXqsxPgUhhalJGkIW2QCYHAr:xEdDLBRGTCIY041yUf9LNH

    Score: 1/10

    • Target

      FluxLoraV2/FluxLora.exe

    • Size

      48KB

    • MD5

      ace38670c00a34a910a1c5cb502f8f03

    • SHA1

      3bfa515b1b4af4cca5e4d603e427fc2ebc8d5047

    • SHA256

      0c3aa475f5ff4c8c2c271a27582f5480a29063d97006d5440c98409b3659fcbe

    • SHA512

      ff40dccab360baff86e2545e810f6969d22587b750a646a46546e593069bf1d5633a9e20a0534437fc909bfc2d58bb32f840c23b7e879f677c9fbd18a609e0bc

    • SSDEEP

      768:au2/0TckJ26WUsFvgmo2q7Dj/YlJ+4PIbwD9h5Dt40bQi45jeMSVLaza3ThwPClS:au2/0TceH27JCbwDr5DtzbQiIjeMqCPR

    Score: 10/10

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Target

      FluxLoraV2/READ ME!!!!!!!!!!.txt

    • Size

      271B

    • MD5

      ad33b09e279104307ad3fc74801a5536

    • SHA1

      86ee048beb7feb0ceacffdd321c0890bfbd240c1

    • SHA256

      2b7eb313206ad20acc12888da322f271f84e4e183e4d3a3bdb6753eebc29f153

    • SHA512

      27786ee604725fcff266900699456a3fa1fc85e6fddabcb5a5ce262cb9846bd567e2d90e9e1f9f390e103af63ee3d1c21d64cb9b3a8d8ffc799f1ac438b26ba6

    Score: 3/10

    • Target

      FluxLoraV2/SolarFix.exe

    • Size

      20.6MB

    • MD5

      5b2a845ebc71752c07a3ba04c01b9495

    • SHA1

      57ea8bb5b689540508b13fa6a72c6c98162dff57

    • SHA256

      30d3dc2086ce141e907a7e134654800131763a8f7d310889b1cd781ef44e47d5

    • SHA512

      922557113fe5b5600b6d903a243c859fe72353f0b0b4e3abd5a319f6b034129abe6bab2b4c5e81e3d935596265c859467c175c8f2b5ff82f266a048e06f34426

    • SSDEEP

      393216:6qPnLFXlr6v7n0jcjgQpDOETgsvfGAnKgBNKbS+vE4ALfiXdL:PPLFXN6Dic8QoEqW4m3M

    Score: 7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      7ac46453f68c9aa421de49e3be8a7da8

    • SHA1

      6aae0ec0779a969c00c203536d7bfc4a3adae157

    • SHA256

      25d74e6d9f3a50c74267e3dd0090d82e3cc045671969fd19cbc32c57b08c23e3

    • SHA512

      53e3ad7fa44fd1062e5e77ab5f36a5f961213475264ac3b1c892de8f8995e7c154e5d6e2d76bec86495a8879978d1786eb433fb0c5e3729525777a9687160c06

    • SSDEEP

      192:wazHnVp5U9D8bjWdXwkFakqeB+lxNBJhwriPMdwbzjnw:97n5WuwaT72rQPbfw

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                      ID          Count
Execution             Scheduled Task/Job             T1053       1
                      Scheduled Task                 T1053.005   1
Persistence           Scheduled Task/Job             T1053       1
                      Scheduled Task                 T1053.005   1
Privilege Escalation  Scheduled Task/Job             T1053       1
                      Scheduled Task                 T1053.005   1
Credential Access     Unsecured Credentials          T1552       1
                      Credentials In Files           T1552.001   1
Discovery             System Information Discovery   T1082       3
Collection            Data from Local System         T1005       1
Command and Control   Web Service                    T1102       1

Tasks