Overview

overview

10

Static

static

Payment Ad...df.jar

windows7_x64

10

Payment Ad...df.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Advice Hsbc_pdf.jar

  • Size

    411KB

  • Sample

    200825-9fqe6e5f3j

  • MD5

    f202f81ea024be0ef950ff369bdf4087

  • SHA1

    4dbbfe69123c4d8348e61f06f1b6c78e6e685fca

  • SHA256

    0b81ff2995706809c70836bc77057db0e6b395c39f8e4623d354efcaa82f7480

  • SHA512

    99eff56986a915ca8ed5d301484e24b82d35745e17bfecf275e38705cb4e95f4a60b06930f2d01157905f843971f01b03613b0c79e92dc78ab269fe499271c54

Score
10/10
qarallaxevasionpersistencetrojan

Malware Config

Targets

    • Target

      Payment Advice Hsbc_pdf.jar

    • Size

      411KB

    • MD5

      f202f81ea024be0ef950ff369bdf4087

    • SHA1

      4dbbfe69123c4d8348e61f06f1b6c78e6e685fca

    • SHA256

      0b81ff2995706809c70836bc77057db0e6b395c39f8e4623d354efcaa82f7480

    • SHA512

      99eff56986a915ca8ed5d301484e24b82d35745e17bfecf275e38705cb4e95f4a60b06930f2d01157905f843971f01b03613b0c79e92dc78ab269fe499271c54

    Score
    10/10
    trojanqarallaxpersistenceevasion

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • QarallaxRAT

      Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

      trojanqarallax

    • Qarallax RAT support DLL

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks