qarallax | 4fbba6984bfcc915b229aca31711fbbbbf17883782028b72b9a080d48cd6bb87 | Triage

Submit
Reports

Overview

overview

Static

static

Quote.jar

windows7_x64

Quote.jar

windows10_x64

Sharing

General

Target

Quote.jar
Size

399KB
Sample

200819-k895gkk8ds
MD5

59444630bce44b4d60b0ff8363c5164e
SHA1

03fa6c6f567e8a4777348d3f8a21bfc9fe2ae1f9
SHA256

4fbba6984bfcc915b229aca31711fbbbbf17883782028b72b9a080d48cd6bb87
SHA512

5d9abfa3a9a52dc9a68ab3e96d297389d391b4a2d30094cb4fce8cb473b52825c20c432d4e8dab91050f1dffff7630c8670337445f9b5ad6968b87c25dc5d545

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quote.jar

Resource

win7v200722

persistence trojan qarallax evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quote.jar

Resource

win10

persistence trojan qarallax evasion

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Quote.jar
- Size
  
  399KB
- MD5
  
  59444630bce44b4d60b0ff8363c5164e
- SHA1
  
  03fa6c6f567e8a4777348d3f8a21bfc9fe2ae1f9
- SHA256
  
  4fbba6984bfcc915b229aca31711fbbbbf17883782028b72b9a080d48cd6bb87
- SHA512
  
  5d9abfa3a9a52dc9a68ab3e96d297389d391b4a2d30094cb4fce8cb473b52825c20c432d4e8dab91050f1dffff7630c8670337445f9b5ad6968b87c25dc5d545
Score

10^/10

persistence trojan qarallax evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencetrojanqarallaxevasion

behavioral2

persistencetrojanqarallaxevasion

© 2018-2024

Terms | Privacy