parallax | a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571 | Triage

Submit
Reports

Overview

overview

Static

static

a0ed7d0e67...71.exe

windows7_x64

a0ed7d0e67...71.exe

windows10_x64

Sharing

General

Target

a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571
Size

315KB
Sample

201109-8ahvng3z1a
MD5

85b889e0bb4e312565530e6cd429a16e
SHA1

035526e87d8dcf12aca0deb73188d2195cc4767b
SHA256

a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571
SHA512

cf653b97fbc5977498cb3c0c18c0950cf77c6c53417b7d3435f9ee8a9020d873ce5b3975d08dd64df9c970585ec06207de7f587b8aad48a30f29e10685f62cab

Score

10^/10

parallax agilenet persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571.exe

Resource

win7v20201028

parallax agilenet persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571.exe

Resource

win10v20201028

parallax agilenet persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571
- Size
  
  315KB
- MD5
  
  85b889e0bb4e312565530e6cd429a16e
- SHA1
  
  035526e87d8dcf12aca0deb73188d2195cc4767b
- SHA256
  
  a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571
- SHA512
  
  cf653b97fbc5977498cb3c0c18c0950cf77c6c53417b7d3435f9ee8a9020d873ce5b3975d08dd64df9c970585ec06207de7f587b8aad48a30f29e10685f62cab
Score

10^/10

parallax agilenet persistence rat
- ParallaxRat
  ParallaxRat is a multipurpose RAT written in MASM.
  rat parallax
- ParallaxRat payload
  Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

parallaxagilenetpersistencerat

behavioral2

parallaxagilenetpersistencerat

© 2018-2024

Terms | Privacy