Overview

overview

10

Static

static

Bank Details.jar

windows7_x64

10

Bank Details.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank Details.jar

  • Size

    399KB

  • Sample

    200825-qs1h4fc8mn

  • MD5

    be78b9af89688c2cfb0be97cf90b2b82

  • SHA1

    fa676fb645b4ae2ec0716b4d6efe85eacbd03617

  • SHA256

    bca4b851df178e8a757d0609ae14eae486b97ec1a0693a4d92865fe8dd023d66

  • SHA512

    8cd0c8718412b10cf56c10fbfa41b1dbdeda12bfcb5997f306fd7d79a781b336e10e6e61c471f75899fc24282d5f0201b75bfa65d3284959d32a3641efff8332

Score
10/10
qarallaxevasionpersistencetrojan

Malware Config

Targets

    • Target

      Bank Details.jar

    • Size

      399KB

    • MD5

      be78b9af89688c2cfb0be97cf90b2b82

    • SHA1

      fa676fb645b4ae2ec0716b4d6efe85eacbd03617

    • SHA256

      bca4b851df178e8a757d0609ae14eae486b97ec1a0693a4d92865fe8dd023d66

    • SHA512

      8cd0c8718412b10cf56c10fbfa41b1dbdeda12bfcb5997f306fd7d79a781b336e10e6e61c471f75899fc24282d5f0201b75bfa65d3284959d32a3641efff8332

    Score
    10/10
    persistenceevasiontrojanqarallax

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • QarallaxRAT

      Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

      trojanqarallax

    • Qarallax RAT support DLL

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks