Overview

overview

10

Static

static

Quotation.jar

windows7_x64

10

Quotation.jar

windows10_x64

10

Resubmissions

02-03-2020 14:38

200302-t6xq9fwvas 10

01-03-2020 13:36

200301-y5qej6pnj6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.jar

  • Size

    377KB

  • Sample

    200301-y5qej6pnj6

  • MD5

    467c999fd06b4f90664bdb08bc3ce0f1

  • SHA1

    2674f8dff289f0137c26c19f04a98e3078029fa8

  • SHA256

    add0d88665429072983eeec4d8db4f8d1ce6cd39fe519f693a3b94bf3c0effef

  • SHA512

    4f5398576aab26154306983dd76116d28eed58a9996a83769d2b41b3803406c0bfb0799f86f955fc09d87efd686f5a77f80f67eb2c4b71a0bd70c556ec28f17a

Score
10/10
qarallaxevasionpersistencetrojan

Malware Config

Targets

    • Target

      Quotation.jar

    • Size

      377KB

    • MD5

      467c999fd06b4f90664bdb08bc3ce0f1

    • SHA1

      2674f8dff289f0137c26c19f04a98e3078029fa8

    • SHA256

      add0d88665429072983eeec4d8db4f8d1ce6cd39fe519f693a3b94bf3c0effef

    • SHA512

      4f5398576aab26154306983dd76116d28eed58a9996a83769d2b41b3803406c0bfb0799f86f955fc09d87efd686f5a77f80f67eb2c4b71a0bd70c556ec28f17a

    Score
    10/10
    qarallaxevasionpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • QarallaxRAT

      Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

      trojanqarallax

    • Qarallax RAT support DLL

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks