General
Target: PI_revisado.jar
Size: 410KB
Sample: 200819-b7dyrng5ga
MD5: 0922b16b4e870dcf93bff729f84ad597
SHA1: 259e5380c4655ce5076a89e1f41c4764c1810825
SHA256: a4a5c90b835592cb0ed02f3cdd7697c937c2e86fe204ba1a9f1b3f3c52f57963
SHA512: 51c05bb76c7217e70dd54711dfdcc23b77eec09a3531d01b49c7f9423a8121848e6430c4f4276f2af62193c6fc64010046cfe3c1b80e7577f4c1e6b76259c8e0
Static task: static1
Behavioral task: behavioral1
Sample: PI_revisado.jar
Resource: win7
Behavioral task: behavioral2
Sample: PI_revisado.jar
Resource: win10v200722
Malware Config
Targets
Target
PI_revisado.jar
Score: 10/10
Qarallax RAT support DLL
Disables Task Manager via registry modification
Disables use of System Restore points
Sets file execution options in registry
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory