Overview

overview

10

Static

static

QAOTATION.jar

windows7_x64

10

QAOTATION.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QAOTATION.jar

  • Size

    399KB

  • Sample

    200819-xxtxd8vera

  • MD5

    be666fddf4e70621ec1a8fe19348bbc3

  • SHA1

    132069951f67e7bd94cfce57a137b9f82ead15ad

  • SHA256

    3b7e009a2ca84ce2834f422390a85515b80034e4227c05e7522b274e862c7924

  • SHA512

    0ef5796a8bb0913389fefc4c940bd0200189d1227071e6a5a400c55925ee396722fa6107f91f618c9799e339a231ab43a7189378388f0551e2064d2eb9ff62fb

Score
10/10
qarallaxevasionpersistencetrojan

Malware Config

Targets

    • Target

      QAOTATION.jar

    • Size

      399KB

    • MD5

      be666fddf4e70621ec1a8fe19348bbc3

    • SHA1

      132069951f67e7bd94cfce57a137b9f82ead15ad

    • SHA256

      3b7e009a2ca84ce2834f422390a85515b80034e4227c05e7522b274e862c7924

    • SHA512

      0ef5796a8bb0913389fefc4c940bd0200189d1227071e6a5a400c55925ee396722fa6107f91f618c9799e339a231ab43a7189378388f0551e2064d2eb9ff62fb

    Score
    10/10
    persistenceevasiontrojanqarallax

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • QarallaxRAT

      Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

      trojanqarallax

    • Qarallax RAT support DLL

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks