qarallax | 317635d2a76079e6d1b3ac14352d5d79d221d024dce158dfbf319287f34eef67 | Triage

Submit
Reports

Overview

overview

Static

static

Techno Gro...df.jar

windows7_x64

Techno Gro...df.jar

windows10_x64

Sharing

General

Target

Techno Group Pakistan Request For Quotation_pdf.jar
Size

411KB
Sample

200819-f55sktmwfs
MD5

ecd47ff15da71165a3462b367ec4d4b1
SHA1

43e309930fd7357c9f9e49fb84cae72f62f9c618
SHA256

317635d2a76079e6d1b3ac14352d5d79d221d024dce158dfbf319287f34eef67
SHA512

bb78d871eb67c6190771eeb9862c0f87d8a47924aa6bd4cca86c4d28ad1c0615117e7a8dbf944bf0fbc3db35d43b93af5917d335822f318bddcdcd3078e93287

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Techno Group Pakistan Request For Quotation_pdf.jar

Resource

win7v200722

trojan qarallax evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Techno Group Pakistan Request For Quotation_pdf.jar

Resource

win10

persistence evasion trojan qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Techno Group Pakistan Request For Quotation_pdf.jar
- Size
  
  411KB
- MD5
  
  ecd47ff15da71165a3462b367ec4d4b1
- SHA1
  
  43e309930fd7357c9f9e49fb84cae72f62f9c618
- SHA256
  
  317635d2a76079e6d1b3ac14352d5d79d221d024dce158dfbf319287f34eef67
- SHA512
  
  bb78d871eb67c6190771eeb9862c0f87d8a47924aa6bd4cca86c4d28ad1c0615117e7a8dbf944bf0fbc3db35d43b93af5917d335822f318bddcdcd3078e93287
Score

10^/10

trojan qarallax evasion persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

trojanqarallaxevasionpersistence

behavioral2

persistenceevasiontrojanqarallax

© 2018-2024

Terms | Privacy