qarallax | bdafde58e2c63bd9a4dd6a4909028b110ea52c86761e1555d7847b7dce6f69a2 | Triage

Submit
Reports

Overview

overview

Static

static

_COVID- 19...ar.jar

windows7_x64

_COVID- 19...ar.jar

windows10_x64

Sharing

General

Target

_COVID- 19 Circular.jar
Size

401KB
Sample

200420-fd8qvxspfj
MD5

be24dedeed93e264d65921a159f4b264
SHA1

39669b2e5e8503a7b6e0e8276c7b07020824d1cb
SHA256

bdafde58e2c63bd9a4dd6a4909028b110ea52c86761e1555d7847b7dce6f69a2
SHA512

5195d69ac28a85656a8397ba644c2cf187117b2f0682e707f1af881d2dcb84e9792cb211d006b3600d606411267db4ed1e16caed39e25a85442bb50a9d5b572b

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

_COVID- 19 Circular.jar

Resource

win7v200410

qarallax evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

_COVID- 19 Circular.jar

Resource

win10v200410

qarallax evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  _COVID- 19 Circular.jar
- Size
  
  401KB
- MD5
  
  be24dedeed93e264d65921a159f4b264
- SHA1
  
  39669b2e5e8503a7b6e0e8276c7b07020824d1cb
- SHA256
  
  bdafde58e2c63bd9a4dd6a4909028b110ea52c86761e1555d7847b7dce6f69a2
- SHA512
  
  5195d69ac28a85656a8397ba644c2cf187117b2f0682e707f1af881d2dcb84e9792cb211d006b3600d606411267db4ed1e16caed39e25a85442bb50a9d5b572b
Score

10^/10

qarallax evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

qarallaxevasionpersistencetrojan

behavioral2

qarallaxevasionpersistencetrojan

© 2018-2024

Terms | Privacy