General
-
Target
Techno Group Pakistan Quotation Request_Pdf.jar
-
Size
403KB
-
Sample
200818-mnl1h25dps
-
MD5
fc115bb8e02dd12ad2e1f5b334174288
-
SHA1
9e41b33dc89f43e509ef4297f29934ef3a9c2945
-
SHA256
8bcdae78528284a03c0a797472234561fd523be8a9a822f51f056cf8e72a1755
-
SHA512
5cc026bc0eca4cf136a6614df24ed84e5cff65bb8558384d4f672db5cb0f40d9614e16c7e78873a871573f6c78951befb8020be9907ebad030e77ff6a32f47d8
Malware Config
Targets
-
-
Target
Techno Group Pakistan Quotation Request_Pdf.jar
-
Size
403KB
-
MD5
fc115bb8e02dd12ad2e1f5b334174288
-
SHA1
9e41b33dc89f43e509ef4297f29934ef3a9c2945
-
SHA256
8bcdae78528284a03c0a797472234561fd523be8a9a822f51f056cf8e72a1755
-
SHA512
5cc026bc0eca4cf136a6614df24ed84e5cff65bb8558384d4f672db5cb0f40d9614e16c7e78873a871573f6c78951befb8020be9907ebad030e77ff6a32f47d8
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
QarallaxRAT
Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
-
Qarallax RAT support DLL
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Sets file execution options in registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-