qarallax | f5a935fac6403d609baa306db915ab5da6e9ab91f3c02a08d031bd32a7cede5d | Triage

Submit
Reports

Overview

overview

Static

static

QAOTATION.jar

windows7_x64

QAOTATION.jar

windows10_x64

Sharing

General

Target

QAOTATION.jar
Size

399KB
Sample

200818-2lxbkseghe
MD5

8eca12b92226ec7ceb8193771450a074
SHA1

6a426efaa7d416665384c2901644227813ec1894
SHA256

f5a935fac6403d609baa306db915ab5da6e9ab91f3c02a08d031bd32a7cede5d
SHA512

3df544b9cee31c46a093e22972541634f729f029e8157d0020113884618674fc653cd5c62bea4c3ed58a02c1db7f7de1c6428dfe2eea0c615d19641375b19a55

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

QAOTATION.jar

Resource

win7

qarallax evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QAOTATION.jar

Resource

win10v200722

qarallax evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  QAOTATION.jar
- Size
  
  399KB
- MD5
  
  8eca12b92226ec7ceb8193771450a074
- SHA1
  
  6a426efaa7d416665384c2901644227813ec1894
- SHA256
  
  f5a935fac6403d609baa306db915ab5da6e9ab91f3c02a08d031bd32a7cede5d
- SHA512
  
  3df544b9cee31c46a093e22972541634f729f029e8157d0020113884618674fc653cd5c62bea4c3ed58a02c1db7f7de1c6428dfe2eea0c615d19641375b19a55
Score

10^/10

qarallax evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qarallaxevasionpersistencetrojan

behavioral2

qarallaxevasionpersistencetrojan

© 2018-2024

Terms | Privacy