qarallax | d4a142b9eba6dff66deadaea2777b5ce1d7fc551f94b5e7f87ba6a84709106c9 | Triage

Submit
Reports

Overview

overview

Static

static

New Bankin...ls.jar

windows7_x64

New Bankin...ls.jar

windows10_x64

Sharing

General

Target

New Banking Details.jar
Size

410KB
Sample

200806-lafzyx8wee
MD5

7ff8c97e2fe1c972876ee4cc84238074
SHA1

fb1d4dff5cedba4dc4eb0ddf662fc9be2d39e696
SHA256

d4a142b9eba6dff66deadaea2777b5ce1d7fc551f94b5e7f87ba6a84709106c9
SHA512

0531582de07c475fa4ebe358d5336ed810fcdb0adbcbcd8738a66b4aa7cd66eeb11837ce63cd534a23ff277f8a5d50e7a806675379f97e8e34cf45ede9d86759

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

New Banking Details.jar

Resource

win7

evasion trojan qarallax persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Banking Details.jar

Resource

win10v200722

persistence trojan qarallax evasion

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  New Banking Details.jar
- Size
  
  410KB
- MD5
  
  7ff8c97e2fe1c972876ee4cc84238074
- SHA1
  
  fb1d4dff5cedba4dc4eb0ddf662fc9be2d39e696
- SHA256
  
  d4a142b9eba6dff66deadaea2777b5ce1d7fc551f94b5e7f87ba6a84709106c9
- SHA512
  
  0531582de07c475fa4ebe358d5336ed810fcdb0adbcbcd8738a66b4aa7cd66eeb11837ce63cd534a23ff277f8a5d50e7a806675379f97e8e34cf45ede9d86759
Score

10^/10

evasion trojan qarallax persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasiontrojanqarallaxpersistence

behavioral2

persistencetrojanqarallaxevasion

© 2018-2024

Terms | Privacy