qarallax | fbfd10ddb1840f5f1deedc2067baca46c28a06078d9abea612a7948c75fcd352 | Triage

Submit
Reports

Overview

overview

Static

static

08028.jar

windows7_x64

08028.jar

windows10_x64

Sharing

General

Target

08028.jar
Size

403KB
Sample

200830-yxkv6l4fln
MD5

805fada47d34674fac492573b6f01de8
SHA1

a796de518f1c7582485d80d5e3d1904a20e79a22
SHA256

fbfd10ddb1840f5f1deedc2067baca46c28a06078d9abea612a7948c75fcd352
SHA512

f3f5d5bf9aa312a527c770f37d97f09ee8322293db00a302bb56cce5e407df2d94ec19ffb87d176e5867870b882b93c57f8b64b67deda1586a8ac3dc4d012a99

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

08028.jar

Resource

win7

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

08028.jar

Resource

win10v200722

trojan qarallax evasion persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  08028.jar
- Size
  
  403KB
- MD5
  
  805fada47d34674fac492573b6f01de8
- SHA1
  
  a796de518f1c7582485d80d5e3d1904a20e79a22
- SHA256
  
  fbfd10ddb1840f5f1deedc2067baca46c28a06078d9abea612a7948c75fcd352
- SHA512
  
  f3f5d5bf9aa312a527c770f37d97f09ee8322293db00a302bb56cce5e407df2d94ec19ffb87d176e5867870b882b93c57f8b64b67deda1586a8ac3dc4d012a99
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

trojanqarallaxevasionpersistence

© 2018-2024

Terms | Privacy