General

  • Target

    SOYKAL MID YEAR REQUEST 202090404885554540000009004954.exe

  • Size

    1.5MB

  • Sample

    200710-1hac6mxkva

  • MD5

    0789465bc17bc4852eb45209aab31f7c

  • SHA1

    bab2316f721d23b3607ee888be673ef76311b184

  • SHA256

    f37f40245387cf924b4692267251875273ef75ad03fa9f92d73ab021f5c9e307

  • SHA512

    b78884bad9029d83ea16a6cd1041cbc4e1b8fd1cf371682bc43a54ed6b5ca542cfd19d13b3cb5ba869d0fdd76f1864c4354158231e68d45d9eb8f2ec074fbf2b

Malware Config

Targets

    • Target

      SOYKAL MID YEAR REQUEST 202090404885554540000009004954.exe

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.

    • Executes dropped EXE

    • Adds Run entry to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
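
The two behavioural signatures above, "Adds Run entry to start application" and "Suspicious use of SetThreadContext", are what a sandbox derives from the order and arguments of the API calls it hooks. As an added example that is not part of this report and not code from the sandbox, the Python script below reproduces that logic over a constructed API-call trace: it flags a RegSetValueEx write into an HKCU/HKLM Run or RunOnce key, and a per-process CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread chain, the classic process-hollowing pattern behind the SetThreadContext signature. The trace format, process IDs, paths and the "Updater" value name are invented for illustration and are not taken from this sample.

```python
"""Triage a constructed API-call trace for Run-key persistence and for the
process-hollowing call chain that trips a 'suspicious SetThreadContext' rule."""
import re
from collections import defaultdict

# Constructed trace in a made-up "pid=N Api arg=value ..." format.
# It is NOT the trace of the sample in this report.
SAMPLE_TRACE = r"""
pid=1880 CreateProcessW lpApplicationName="C:\Windows\System32\svchost.exe" dwCreationFlags=0x4
pid=1880 WriteProcessMemory hProcess=0x2a4 lpBaseAddress=0x400000 nSize=0x1c000
pid=1880 SetThreadContext hThread=0x2a8
pid=1880 ResumeThread hThread=0x2a8
pid=1880 RegSetValueExW hKey=HKCU\Software\Microsoft\Windows\CurrentVersion\Run lpValueName="Updater" lpData="C:\Users\user\AppData\Roaming\updater.exe"
pid=2212 SetThreadContext hThread=0x1f0
pid=2212 ResumeThread hThread=0x1f0
"""

# Autostart keys; matched by suffix so HKCU and HKLM variants both count.
RUN_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit from CreateProcess
# Ordered chain: a legitimate SetThreadContext (e.g. a debugger) rarely
# follows a suspended create plus a write into the child.
HOLLOWING_SEQUENCE = ("CreateProcessW", "WriteProcessMemory",
                      "SetThreadContext", "ResumeThread")

LINE_RE = re.compile(r"^pid=(\d+)\s+(\w+)\s*(.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace(text):
    """Return a list of (pid, api_name, {arg: value}) tuples; skips blank lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, rest = m.groups()
        args = {k: v.strip('"') for k, v in ARG_RE.findall(rest)}
        events.append((int(pid), api, args))
    return events


def find_run_key_persistence(events):
    """Return (pid, value_name, data) for every write into a Run/RunOnce key."""
    hits = []
    for pid, api, args in events:
        if api in ("RegSetValueExW", "RegSetValueExA"):
            key = args.get("hKey", "").lower()
            if any(key.endswith(k.lower()) for k in RUN_KEYS):
                hits.append((pid, args.get("lpValueName"), args.get("lpData")))
    return hits


def find_hollowing_sequence(events):
    """Return pids whose calls contain the full HOLLOWING_SEQUENCE in order.

    Only a CreateProcess carrying CREATE_SUSPENDED starts the chain; a bare
    SetThreadContext/ResumeThread pair (pid 2212 in the sample) is not enough.
    """
    per_pid = defaultdict(list)
    for pid, api, args in events:
        if api == "CreateProcessW":
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if not flags & CREATE_SUSPENDED:
                continue
        per_pid[pid].append(api)
    flagged = []
    for pid, apis in per_pid.items():
        i = 0
        for api in apis:
            if i < len(HOLLOWING_SEQUENCE) and api == HOLLOWING_SEQUENCE[i]:
                i += 1
        if i == len(HOLLOWING_SEQUENCE):
            flagged.append(pid)
    return flagged


def triage(text):
    events = parse_trace(text)
    return {
        "run_key_persistence": find_run_key_persistence(events),
        "process_hollowing": find_hollowing_sequence(events),
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLE_TRACE).items():
        print(f"{name}: {result}")
```

The subsequence match is deliberately loose (other calls may sit between the four), which mirrors how sandbox rules tolerate noise but also means the Run-key check is the higher-confidence of the two; in practice you would also resolve the written lpData path and confirm it points at the dropped executable.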

MITRE ATT&CK Enterprise v6

Tasks