General

  • Target

    Flight Details.pdf.vbs

  • Size

    384KB

  • Sample

    201207-zx744arenx

  • MD5

    d3315b0da7cd3e27ce7244317b98b76d

  • SHA1

    c9d7c99326c9a999c65595101525eeefb6f765df

  • SHA256

    efc19d1c7657d51ceacf7a531929fb128c19fc9d1e77dce596a19b37a18b1048

  • SHA512

    10b895d0d087558cdd33142d7ec21f35e2b21910b981f5ca5587d60c4f5881546a043e98435c1a5fa793b1c8dbe2a19651ab25b85ed79e7aafb947e28e597fbb

Score
10/10

Targets

    • Target

      Flight Details.pdf.vbs

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Drops startup file

    • Suspicious use of SetThreadContext
