qarallax | 0b81ff2995706809c70836bc77057db0e6b395c39f8e4623d354efcaa82f7480 | Triage

Submit
Reports

Overview

overview

Static

static

Payment Ad...df.jar

windows7_x64

Payment Ad...df.jar

windows10_x64

Sharing

General

Target

Payment Advice Hsbc_pdf.jar
Size

411KB
Sample

200825-9fqe6e5f3j
MD5

f202f81ea024be0ef950ff369bdf4087
SHA1

4dbbfe69123c4d8348e61f06f1b6c78e6e685fca
SHA256

0b81ff2995706809c70836bc77057db0e6b395c39f8e4623d354efcaa82f7480
SHA512

99eff56986a915ca8ed5d301484e24b82d35745e17bfecf275e38705cb4e95f4a60b06930f2d01157905f843971f01b03613b0c79e92dc78ab269fe499271c54

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Advice Hsbc_pdf.jar

Resource

win7v200722

trojan qarallax persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Advice Hsbc_pdf.jar

Resource

win10v200722

trojan qarallax persistence evasion

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment Advice Hsbc_pdf.jar
- Size
  
  411KB
- MD5
  
  f202f81ea024be0ef950ff369bdf4087
- SHA1
  
  4dbbfe69123c4d8348e61f06f1b6c78e6e685fca
- SHA256
  
  0b81ff2995706809c70836bc77057db0e6b395c39f8e4623d354efcaa82f7480
- SHA512
  
  99eff56986a915ca8ed5d301484e24b82d35745e17bfecf275e38705cb4e95f4a60b06930f2d01157905f843971f01b03613b0c79e92dc78ab269fe499271c54
Score

10^/10

trojan qarallax persistence evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

trojanqarallaxpersistenceevasion

behavioral2

trojanqarallaxpersistenceevasion

© 2018-2024

Terms | Privacy