Resubmissions

29-04-2020 15:14

200429-y3jdvqsxhe 10

23-04-2020 14:19

200423-b74jnczy8x 10

General

  • Target

    sam.vbs

  • Size

    393KB

  • Sample

    200429-y3jdvqsxhe

  • MD5

    75c8be3639f3ccfdc0dcdce861f501b5

  • SHA1

    26ffae8998dceb278f4b1b37f6c106e429ae8b41

  • SHA256

    7e21cd377485343d0bf84d80263ae933d24f63d8d53e5714a5af4a27d2c38e13

  • SHA512

    fff41d231d86a4a8c2f7d1606bef45fd3bca0a65c65581799799b49ddc29eb5e78ccc755b6251eb0a0540a49794c5d588a5aa4cc422a5201f9ff4fdcb17863fb

Score
10/10

Targets

    • Target

      sam.vbs

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of ParallaxRat, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Drops startup file

    • Suspicious use of SetThreadContext
