qarallax | e1e1ea1f7dc17228b04b3bd0c1ed60b614fdd8b03f82a41508eabb1b51932a3b | Triage

Submit
Reports

Overview

overview

Static

static

PAYMENT.jar

windows7_x64

PAYMENT.jar

windows10_x64

Sharing

General

Target

PAYMENT.jar
Size

399KB
Sample

200819-164vh5ae2e
MD5

eb65bbf22d4e40550c189075b699b5f0
SHA1

f0e43eea39f34135746321b3a6652f7dabfbd279
SHA256

e1e1ea1f7dc17228b04b3bd0c1ed60b614fdd8b03f82a41508eabb1b51932a3b
SHA512

a87e6733a93c77fe09b98eed39e1905c884104da84ecfc6796a82c085f2b7e1193db0d1df0577881d412202814058661e908ce00e08349d06782e732d775b00b

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

PAYMENT.jar

Resource

win7v200722

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PAYMENT.jar

Resource

win10

persistence evasion trojan qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PAYMENT.jar
- Size
  
  399KB
- MD5
  
  eb65bbf22d4e40550c189075b699b5f0
- SHA1
  
  f0e43eea39f34135746321b3a6652f7dabfbd279
- SHA256
  
  e1e1ea1f7dc17228b04b3bd0c1ed60b614fdd8b03f82a41508eabb1b51932a3b
- SHA512
  
  a87e6733a93c77fe09b98eed39e1905c884104da84ecfc6796a82c085f2b7e1193db0d1df0577881d412202814058661e908ce00e08349d06782e732d775b00b
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

persistenceevasiontrojanqarallax

© 2018-2024

Terms | Privacy