parallax | c183d00cdf9f69f815e28277f5aed7503c41c6c77d8351fd1cd38d3f3144d339 | Triage

Sharing

General

Target

c183d00cdf9f69f815e28277f5aed7503c41c6c77d8351fd1cd38d3f3144d339
Size

19.5MB
Sample

211021-ll45ksaba4
MD5

6374c01ed81cea712fe61d0774521ac3
SHA1

6a2957d427b9ca85f58266564951e6e56da89566
SHA256

c183d00cdf9f69f815e28277f5aed7503c41c6c77d8351fd1cd38d3f3144d339
SHA512

4a85f10a54a8721d09e2ba9171882c53b83bdb9c87ad3ec84877f7a34d6007b6d12cfe0d9a8b48d41ac9054a3d78781a4fd299def96ff0927917b4d5c4bcab83

Score

10^/10

parallax rat spyware stealer

Malware Config

Targets

- Target
  
  c183d00cdf9f69f815e28277f5aed7503c41c6c77d8351fd1cd38d3f3144d339
- Size
  
  19.5MB
- MD5
  
  6374c01ed81cea712fe61d0774521ac3
- SHA1
  
  6a2957d427b9ca85f58266564951e6e56da89566
- SHA256
  
  c183d00cdf9f69f815e28277f5aed7503c41c6c77d8351fd1cd38d3f3144d339
- SHA512
  
  4a85f10a54a8721d09e2ba9171882c53b83bdb9c87ad3ec84877f7a34d6007b6d12cfe0d9a8b48d41ac9054a3d78781a4fd299def96ff0927917b4d5c4bcab83
Score

10^/10

parallax rat spyware stealer
- ParallaxRat
  ParallaxRat is a multipurpose RAT written in MASM.
  rat parallax
- ParallaxRat payload
  Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

parallaxratspywarestealer