qarallax | bca4b851df178e8a757d0609ae14eae486b97ec1a0693a4d92865fe8dd023d66 | Triage

Submit
Reports

Overview

overview

Static

static

Bank Details.jar

windows7_x64

Bank Details.jar

windows10_x64

Sharing

General

Target

Bank Details.jar
Size

399KB
Sample

200825-qs1h4fc8mn
MD5

be78b9af89688c2cfb0be97cf90b2b82
SHA1

fa676fb645b4ae2ec0716b4d6efe85eacbd03617
SHA256

bca4b851df178e8a757d0609ae14eae486b97ec1a0693a4d92865fe8dd023d66
SHA512

8cd0c8718412b10cf56c10fbfa41b1dbdeda12bfcb5997f306fd7d79a781b336e10e6e61c471f75899fc24282d5f0201b75bfa65d3284959d32a3641efff8332

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Bank Details.jar

Resource

win7

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Details.jar

Resource

win10

trojan qarallax persistence evasion

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Bank Details.jar
- Size
  
  399KB
- MD5
  
  be78b9af89688c2cfb0be97cf90b2b82
- SHA1
  
  fa676fb645b4ae2ec0716b4d6efe85eacbd03617
- SHA256
  
  bca4b851df178e8a757d0609ae14eae486b97ec1a0693a4d92865fe8dd023d66
- SHA512
  
  8cd0c8718412b10cf56c10fbfa41b1dbdeda12bfcb5997f306fd7d79a781b336e10e6e61c471f75899fc24282d5f0201b75bfa65d3284959d32a3641efff8332
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

trojanqarallaxpersistenceevasion

© 2018-2024

Terms | Privacy