qarallax | ddc0264f82a81e5c3070a77887e7840f0fbde2949b742b74381fe8ec39daa9b8 | Triage

Submit
Reports

Overview

overview

Static

static

REN42159.jar

windows7_x64

REN42159.jar

windows10_x64

Sharing

General

Target

REN42159.jar
Size

401KB
Sample

200806-c9796eyl5a
MD5

dc91a54b2286a05af54711ba5139a897
SHA1

ef36e7172287d286e7465442209d23d0d14ebf2e
SHA256

ddc0264f82a81e5c3070a77887e7840f0fbde2949b742b74381fe8ec39daa9b8
SHA512

a46142c6df8d614db6a0225d73dd72d73fd64e0a89b43f7d5da10d552f70c2f9d4aa9854e1ee68214c2c7f70d890374bf2853fbfcc39ecabef30c2fe71a10037

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

REN42159.jar

Resource

win7v200722

trojan qarallax persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REN42159.jar

Resource

win10v200722

evasion trojan persistence qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  REN42159.jar
- Size
  
  401KB
- MD5
  
  dc91a54b2286a05af54711ba5139a897
- SHA1
  
  ef36e7172287d286e7465442209d23d0d14ebf2e
- SHA256
  
  ddc0264f82a81e5c3070a77887e7840f0fbde2949b742b74381fe8ec39daa9b8
- SHA512
  
  a46142c6df8d614db6a0225d73dd72d73fd64e0a89b43f7d5da10d552f70c2f9d4aa9854e1ee68214c2c7f70d890374bf2853fbfcc39ecabef30c2fe71a10037
Score

10^/10

trojan qarallax persistence evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanqarallaxpersistenceevasion

behavioral2

evasiontrojanpersistenceqarallax

© 2018-2024

Terms | Privacy