General

  • Target

    02c22994e069512f7218bebf1b99eca33cc1e00eecf0885716eb869d5e8399a9.zip

  • Size

    73KB

  • Sample

    240629-r7d36szcpa

  • MD5

    750629f49265a64a25883bc7a6f334f0

  • SHA1

    57d2185cc6ab16b86aa9c1d3cb06f3b1c0119877

  • SHA256

    6d68a4cf8b83ffa6cd2a09048eda8dfa6b3faf838aafa0ee554bb96dd8ae98e5

  • SHA512

    635925c92eecb4a7acf62dd3b078950f108d0a65bfc5afe15ede450f15e1cd82f423d75a1a0ebfc5ff64974f6747f029d81b430d57bccf6e4200ef221c351c42

  • SSDEEP

    1536:Gwk3NI0Bnt73BQjB1toq+SxqivSZ3Z3h3p0tP7xlUcaU2eGOO4nRvno+ogHm:o3NI0x/sB1/+qvKZ3hKx7Mi2mO4nRvor

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Elsa3eed

C2

workhard.servegame.org:7077

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      02c22994e069512f7218bebf1b99eca33cc1e00eecf0885716eb869d5e8399a9

    • Size

      452KB

    • MD5

      98a274f7245d7ef98896656f20054bd2

    • SHA1

      8b58781e459ab555bac60706dffe3865bd57a581

    • SHA256

      02c22994e069512f7218bebf1b99eca33cc1e00eecf0885716eb869d5e8399a9

    • SHA512

      b80e09fcfa113a6b672932665fd94a65f68f90e5331da987d13721e3104f4cca27a8964daf62d120629538b158634381289350b6f2d67799af5e65366e967911

    • SSDEEP

      1536:TUdAHeDN4NDabDzuCO4dfk2wyIzlGWN7492cQIKtulHTITV4f1qpi6AdYQc6Jwhc:TMnPYQcZ3R48S

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Suspicious use of SetThreadContext
