qarallax | 4978e38561ad475d2222684679af717a9f864420c4893d00c74f4d7790e1f8c5 | Triage

Submit
Reports

Overview

overview

Static

static

NOTIFICA D...DF.jar

windows7_x64

NOTIFICA D...DF.jar

windows10_x64

Sharing

General

Target

NOTIFICA DI ARRIVO DHL_PDF.jar
Size

411KB
Sample

200820-6vhd49bczn
MD5

07a44afbee3453588d1cd6724b53933c
SHA1

0e635ec400e5fb8d68e5d21db1362f898df3ec73
SHA256

4978e38561ad475d2222684679af717a9f864420c4893d00c74f4d7790e1f8c5
SHA512

c3b3b80162224b3de18cca40f7c59c15235910b4ea367d98022babfea0a893495da973096f5ca7e647866520d147f2de9be7a5637ae93a4dcaf7deefac9f7805

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

NOTIFICA DI ARRIVO DHL_PDF.jar

Resource

win7

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NOTIFICA DI ARRIVO DHL_PDF.jar

Resource

win10v200722

evasion trojan qarallax persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  NOTIFICA DI ARRIVO DHL_PDF.jar
- Size
  
  411KB
- MD5
  
  07a44afbee3453588d1cd6724b53933c
- SHA1
  
  0e635ec400e5fb8d68e5d21db1362f898df3ec73
- SHA256
  
  4978e38561ad475d2222684679af717a9f864420c4893d00c74f4d7790e1f8c5
- SHA512
  
  c3b3b80162224b3de18cca40f7c59c15235910b4ea367d98022babfea0a893495da973096f5ca7e647866520d147f2de9be7a5637ae93a4dcaf7deefac9f7805
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

evasiontrojanqarallaxpersistence

© 2018-2024

Terms | Privacy