Overview

overview

10

Static

static

Techno Gro...df.jar

windows7_x64

10

Techno Gro...df.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Techno Group Pakistan Quotation Request_Pdf.jar

  • Size

    403KB

  • Sample

    200818-mnl1h25dps

  • MD5

    fc115bb8e02dd12ad2e1f5b334174288

  • SHA1

    9e41b33dc89f43e509ef4297f29934ef3a9c2945

  • SHA256

    8bcdae78528284a03c0a797472234561fd523be8a9a822f51f056cf8e72a1755

  • SHA512

    5cc026bc0eca4cf136a6614df24ed84e5cff65bb8558384d4f672db5cb0f40d9614e16c7e78873a871573f6c78951befb8020be9907ebad030e77ff6a32f47d8

Score
10/10
qarallaxevasionpersistencetrojan

Malware Config

Targets

    • Target

      Techno Group Pakistan Quotation Request_Pdf.jar

    • Size

      403KB

    • MD5

      fc115bb8e02dd12ad2e1f5b334174288

    • SHA1

      9e41b33dc89f43e509ef4297f29934ef3a9c2945

    • SHA256

      8bcdae78528284a03c0a797472234561fd523be8a9a822f51f056cf8e72a1755

    • SHA512

      5cc026bc0eca4cf136a6614df24ed84e5cff65bb8558384d4f672db5cb0f40d9614e16c7e78873a871573f6c78951befb8020be9907ebad030e77ff6a32f47d8

    Score
    10/10
    persistenceevasiontrojanqarallax

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • QarallaxRAT

      Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

      trojanqarallax

    • Qarallax RAT support DLL

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks