General

  • Target

    FireFoxExtension.exe

  • Size

    19.5MB

  • Sample

    210928-lq26sabdh2

  • MD5

    2e309f6569ad98bc9dda1178dbcf6296

  • SHA1

    4c07d69e84935842ac2ce9a8ded577f1fc17280c

  • SHA256

    bc2d39c8020a92de04d4a0749449595c2317d76dc607c56d2c26edf5fa3ef004

  • SHA512

    c87bd9836ad2ec45e4192af135d23a5352b3b9331f813902e2f3627a8c913a1afb9c9eb1cb2b8089f236ce971b457a15e15b2c0b41aa5a8aa7cb92d9099f1b81

Malware Config

Targets

    • Target

      FireFoxExtension.exe

    • Size

      19.5MB

    • MD5

      2e309f6569ad98bc9dda1178dbcf6296

    • SHA1

      4c07d69e84935842ac2ce9a8ded577f1fc17280c

    • SHA256

      bc2d39c8020a92de04d4a0749449595c2317d76dc607c56d2c26edf5fa3ef004

    • SHA512

      c87bd9836ad2ec45e4192af135d23a5352b3b9331f813902e2f3627a8c913a1afb9c9eb1cb2b8089f236ce971b457a15e15b2c0b41aa5a8aa7cb92d9099f1b81

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
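The following script is an added triage example; it is not part of the sandbox report and not code from the sample. It first confirms that the file on disk matches the hashes listed above, then walks the PE headers to the security data directory (index 4, which holds a file offset rather than an RVA), pulls out the WIN_CERTIFICATE entry that wraps the Authenticode PKCS#7 blob, and checks whether the CA name "Sectigo" appears in it, as the "ParallaxRat payload" signature describes. The function names (`hash_mismatches`, `extract_authenticode`, `signer_mentions`) are my own, and `build_fake_pe` builds a constructed stand-in PE so the parser can be exercised offline; it does not produce a real or valid signature.

```python
"""Triage helper (added example): verify report hashes, then locate and inspect the
Authenticode certificate table of a PE file."""
import hashlib
import struct

# Hashes copied from the report above.
REPORT_HASHES = {
    "md5": "2e309f6569ad98bc9dda1178dbcf6296",
    "sha1": "4c07d69e84935842ac2ce9a8ded577f1fc17280c",
    "sha256": "bc2d39c8020a92de04d4a0749449595c2317d76dc607c56d2c26edf5fa3ef004",
    "sha512": "c87bd9836ad2ec45e4192af135d23a5352b3b9331f813902e2f3627a8c913a1afb9c9eb1cb2b8089f236ce971b457a15e15b2c0b41aa5a8aa7cb92d9099f1b81",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data directory slot for the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # bCertificate holds a PKCS#7 SignedData blob


def hash_mismatches(data: bytes, expected: dict) -> dict:
    """Return {algo: actual_hexdigest} for every digest that differs from the report."""
    out = {}
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want.lower():
            out[algo] = got
    return out


def extract_authenticode(data: bytes):
    """Return the raw PKCS#7 blob from the PE security directory, or None when the
    file carries no Authenticode signature. Raises ValueError on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_off = e_lfanew + 4 + 20                      # skip "PE\0\0" and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == 0x10B:                               # PE32: data directories start at +96
        dirs_off = opt_off + 96
    elif magic == 0x20B:                             # PE32+: data directories start at +112
        dirs_off = opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # The security entry is a raw file offset (not an RVA) and a size.
    sec_off, sec_size = struct.unpack_from(
        "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if sec_off == 0 or sec_size == 0:
        return None
    if sec_off + sec_size > len(data):
        raise ValueError("certificate table runs past end of file")
    # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, then bCertificate[].
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA or dw_length > sec_size or dw_length < 8:
        raise ValueError("unexpected WIN_CERTIFICATE entry")
    return data[sec_off + 8:sec_off + dw_length]


def signer_mentions(pkcs7: bytes, name: bytes = b"Sectigo") -> bool:
    """Cheap triage heuristic: X.509 issuer/subject names are DER PrintableString or
    UTF8String, so an ASCII CA name is visible in the blob. Presence of the string
    says nothing about whether the signature verifies."""
    return name in pkcs7


def build_fake_pe(cert_blob=None, pe32plus=True) -> bytes:
    """Constructed minimal PE for demonstration only (not a real binary): DOS stub,
    COFF header, optional header with 16 data directories, and, if cert_blob is
    given, an 8-byte-aligned WIN_CERTIFICATE table wrapping it."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dirs_start = 112 if pe32plus else 96
    opt_size = dirs_start + 16 * 8
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    dirs = bytearray(16 * 8)
    body_len = len(dos) + len(coff) + opt_size
    tail = b""
    if cert_blob is not None:
        cert_off = (body_len + 7) & ~7               # certificate table must be 8-byte aligned
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(win_cert))
        tail = b"\0" * (cert_off - body_len) + win_cert
    opt = struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\0" * (dirs_start - 2) + bytes(dirs)
    return dos + coff + opt + tail


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read()
    print("hash mismatches:", hash_mismatches(data, REPORT_HASHES) or "none")
    blob = extract_authenticode(data)
    if blob is None:
        print("no Authenticode certificate table present")
    else:
        print("certificate table %d bytes, names Sectigo: %s" % (len(blob), signer_mentions(blob)))
```

Run it as `python triage.py FireFoxExtension.exe`. Treat `signer_mentions` as a sorting aid only: a Sectigo string in the blob does not mean the signature is valid, timestamped or unrevoked, so confirm with a real verifier (`signify` on Linux, `Get-AuthenticodeSignature` on Windows) before relying on the signer. Because the signature description says "usually", a sample with no certificate table or a different CA is not cleared by this check.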
