qarallax | 826f301f5f248d9586c0924a30c56cbb9cda42b82292a1ddd35b0b5ae087413c | Triage

Submit
Reports

Overview

overview

Static

static

BOLDROCCHI...DF.jar

windows7_x64

BOLDROCCHI...DF.jar

windows10_x64

Sharing

General

Target

BOLDROCCHI SRL ITALY QUOTATION REQUEST_PDF.jar
Size

411KB
Sample

200819-3fxade2edj
MD5

10d957699927f69e41cf596817c4ca7b
SHA1

dad3d0a7a5cc52c7ef981ab2cc73de64d41c3561
SHA256

826f301f5f248d9586c0924a30c56cbb9cda42b82292a1ddd35b0b5ae087413c
SHA512

2149a85b712ae88c180353d71dccd1aed9d57c41407c679f070362396914233f3575d00d7394f370201e12e4db7b06f01c0f0a63e223af9f933dc0af53d9e243

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

BOLDROCCHI SRL ITALY QUOTATION REQUEST_PDF.jar

Resource

win7v200722

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BOLDROCCHI SRL ITALY QUOTATION REQUEST_PDF.jar

Resource

win10v200722

trojan qarallax evasion persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  BOLDROCCHI SRL ITALY QUOTATION REQUEST_PDF.jar
- Size
  
  411KB
- MD5
  
  10d957699927f69e41cf596817c4ca7b
- SHA1
  
  dad3d0a7a5cc52c7ef981ab2cc73de64d41c3561
- SHA256
  
  826f301f5f248d9586c0924a30c56cbb9cda42b82292a1ddd35b0b5ae087413c
- SHA512
  
  2149a85b712ae88c180353d71dccd1aed9d57c41407c679f070362396914233f3575d00d7394f370201e12e4db7b06f01c0f0a63e223af9f933dc0af53d9e243
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

trojanqarallaxevasionpersistence

© 2018-2024

Terms | Privacy