qarallax | bd0689a49b290187170ebe5ad6d582d18b7d13681b28e951f04172d79265d0fa | Triage

Submit
Reports

Overview

overview

Static

static

Invoice_.jar

windows7_x64

Invoice_.jar

windows10_x64

Sharing

General

Target

Invoice_.jar
Size

403KB
Sample

200923-xt7cebmcnn
MD5

cf937e091a57e2a92baf1b8e635a0595
SHA1

1eab495dce63c73a138ed476f7309ef0e6bc1361
SHA256

bd0689a49b290187170ebe5ad6d582d18b7d13681b28e951f04172d79265d0fa
SHA512

bdc6f86f2bdc56ddf969ac8c7690bc305c034aaa3aaf6bde82400dea5ac5d47f54179a0d7ef5fbe1399b4aefe125b5ffd99f26bc966c313aad944918c9056892

Score

10^/10

qarallax evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_.jar

Resource

win7

persistence evasion trojan qarallax

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice_.jar

Resource

win10v200722

persistence evasion trojan qarallax

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Invoice_.jar
- Size
  
  403KB
- MD5
  
  cf937e091a57e2a92baf1b8e635a0595
- SHA1
  
  1eab495dce63c73a138ed476f7309ef0e6bc1361
- SHA256
  
  bd0689a49b290187170ebe5ad6d582d18b7d13681b28e951f04172d79265d0fa
- SHA512
  
  bdc6f86f2bdc56ddf969ac8c7690bc305c034aaa3aaf6bde82400dea5ac5d47f54179a0d7ef5fbe1399b4aefe125b5ffd99f26bc966c313aad944918c9056892
Score

10^/10

persistence evasion trojan qarallax
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- QarallaxRAT
  Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).
  trojan qarallax
- Qarallax RAT support DLL
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanqarallax

behavioral2

persistenceevasiontrojanqarallax

© 2018-2024

Terms | Privacy