qarallax | af2282169fd256121196373e4a1171e44ab0dd830ffd5f2b49f5b5d0a9f6b473 | Triage

Submit
Reports

Overview

overview

Static

static

STATEMENT.jar

windows7_x64

STATEMENT.jar

windows10_x64

Sharing

General

Target

STATEMENT.jar
Size

410KB
Sample

200806-k3ev8mxahj
MD5

c97cbc1f72a7a3100781e9e9dd0726c9
SHA1

cfd2845d70ba1de8fa041c844deacf5f72d360b2
SHA256

af2282169fd256121196373e4a1171e44ab0dd830ffd5f2b49f5b5d0a9f6b473
SHA512

0592feef2b9dfeeb87fd8dec6682664dbacfd4ec70e7e52d0dd08b39ba3590af4662c0cc5236bbd334e5b06c8a1207d06341b104000d889ebb6454ac2d18f9ba

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

STATEMENT.jar

Resource

win7

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

STATEMENT.jar

Resource

win10v200722

persistence evasion trojan qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  STATEMENT.jar
- Size
  
  410KB
- MD5
  
  c97cbc1f72a7a3100781e9e9dd0726c9
- SHA1
  
  cfd2845d70ba1de8fa041c844deacf5f72d360b2
- SHA256
  
  af2282169fd256121196373e4a1171e44ab0dd830ffd5f2b49f5b5d0a9f6b473
- SHA512
  
  0592feef2b9dfeeb87fd8dec6682664dbacfd4ec70e7e52d0dd08b39ba3590af4662c0cc5236bbd334e5b06c8a1207d06341b104000d889ebb6454ac2d18f9ba
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

persistenceevasiontrojanqarallax

© 2018-2024

Terms | Privacy