General

  • Target

    Protogent.exe

  • Size

    1.9MB

  • Sample

    210201-zhtpxj7v6n

  • MD5

    5431a710d8a0c6bc319125ea7c40efd1

  • SHA1

    ae52c3ea465ced7137948a7be6630231affb94a0

  • SHA256

    1c10a7cf57b58de1cb5d0a6e1369a2cf5dd74fc1593c45b991dde7605ff01486

  • SHA512

    80910c4f85f680877cf59a5ceaea703a459636dd9e473febff1d35c3c0dc5405099ce604b0a9b98847b78b0b7b550b007fdb19a2ed7ab08f9587fdb30724d727

Score
10/10

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Drops startup file

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
