qarallax | 409a926c8b06ca68686a8061be80b306eb5c7b1b29aa4e7323540f555254caa8 | Triage

Submit
Reports

Overview

overview

Static

static

Invoice 645505.jar

windows7_x64

Invoice 645505.jar

windows10_x64

Sharing

General

Target

Invoice 645505.jar
Size

411KB
Sample

200819-b91fcnetjj
MD5

c155328fa4fc5bcef15471d7b260ced4
SHA1

3ed307dfdd397b93f6a6bb2fa69a8f10904d59cb
SHA256

409a926c8b06ca68686a8061be80b306eb5c7b1b29aa4e7323540f555254caa8
SHA512

e9edce2b9e24578164876323f8678fbd62d5426fac48654a597b9776b97ab3a07232cfbfe3e25d988d9ec46fa7e38e425a3806d711174b5294c6124d5cdc88f7

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice 645505.jar

Resource

win7

evasion persistence trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice 645505.jar

Resource

win10v200722

evasion trojan persistence qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Invoice 645505.jar
- Size
  
  411KB
- MD5
  
  c155328fa4fc5bcef15471d7b260ced4
- SHA1
  
  3ed307dfdd397b93f6a6bb2fa69a8f10904d59cb
- SHA256
  
  409a926c8b06ca68686a8061be80b306eb5c7b1b29aa4e7323540f555254caa8
- SHA512
  
  e9edce2b9e24578164876323f8678fbd62d5426fac48654a597b9776b97ab3a07232cfbfe3e25d988d9ec46fa7e38e425a3806d711174b5294c6124d5cdc88f7
Score

10^/10

evasion persistence trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojanqarallax

behavioral2

evasiontrojanpersistenceqarallax

© 2018-2024

Terms | Privacy