qarallax | 4a2540d400c6c1ceb0ea0f56012631c14b5c29c00c7f9149de2d50feaa55c7c8 | Triage

Submit
Reports

Overview

overview

Static

static

Settlement...nt.jar

windows7_x64

Settlement...nt.jar

windows10_x64

Sharing

General

Target

Settlement Statement.jar
Size

410KB
Sample

200819-len5a2l3g2
MD5

067b448f548254e2442e5c63e74f8dd9
SHA1

e35fb2ffd0c72c9dacdb74bcbd22762cb110d2a7
SHA256

4a2540d400c6c1ceb0ea0f56012631c14b5c29c00c7f9149de2d50feaa55c7c8
SHA512

e5928f53a2bfa6d1fdca8baee6887540eb524b2ad2ca0ef58c4bd62144ce06a87a1b9cdcef9a8882109170fa39ed9e5568823d09839daaf71ad5755249faceb0

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Settlement Statement.jar

Resource

win7

evasion trojan persistence qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Settlement Statement.jar

Resource

win10v200722

persistence evasion trojan qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Settlement Statement.jar
- Size
  
  410KB
- MD5
  
  067b448f548254e2442e5c63e74f8dd9
- SHA1
  
  e35fb2ffd0c72c9dacdb74bcbd22762cb110d2a7
- SHA256
  
  4a2540d400c6c1ceb0ea0f56012631c14b5c29c00c7f9149de2d50feaa55c7c8
- SHA512
  
  e5928f53a2bfa6d1fdca8baee6887540eb524b2ad2ca0ef58c4bd62144ce06a87a1b9cdcef9a8882109170fa39ed9e5568823d09839daaf71ad5755249faceb0
Score

10^/10

evasion trojan persistence qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasiontrojanpersistenceqarallax

behavioral2

persistenceevasiontrojanqarallax

© 2018-2024

Terms | Privacy