e977ecbe535a71569be5143bb4f1a2868e45e5251903fb2640c1a48dcd18cc9a

General

Target: e977ecbe535a71569be5143bb4f1a2868e45e5251903fb2640c1a48dcd18cc9a
Size: 8MB
Sample: 211021-llgpaaaher
Score: 10/10
MD5: ccd06635e00d0387499240fba7bc3559
SHA1: 37c6ecc5808fa6b73fe8855b0c28cabbe7a69956
SHA256: e977ecbe535a71569be5143bb4f1a2868e45e5251903fb2640c1a48dcd18cc9a
SHA512: dc371226c37b324168652c166b9d532104875b10dc05a7eda522e43a8921a952d4877722268bf4dfe5016d2be88e88c6d8e4f65d8c5c50f708b86b487c94f17d

Malware Config

Targets

Target: e977ecbe535a71569be5143bb4f1a2868e45e5251903fb2640c1a48dcd18cc9a (the analysed file itself; MD5, SHA1, SHA256, SHA512, size 8MB and score 10/10 are identical to the values listed under General)

Signatures

  • ParallaxRat
    Description: ParallaxRat is a multipurpose RAT written in MASM.

  • ParallaxRat payload
    Description: Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.

  • suricata: ET MALWARE Parallax CnC Response Activity M14
    Description: Emerging Threats (ET) Suricata rule matching Parallax command-and-control response traffic, rule variant M14.

  • Modifies boot configuration data using bcdedit
    TTPs: Inhibit System Recovery (T1490)

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry (T1012); Peripheral Device Discovery (T1120); System Information Discovery (T1082)
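As an added example (not part of this report or of the signatures it lists), the Python below runs a small detection pass for the two log-observable behaviours above, bcdedit-based recovery tampering (T1490) and browser credential-store reads by a non-browser process (T1005 / T1552.001), over constructed endpoint telemetry. The event schema, the hypothetical dropped executable svchosts.exe, the profile paths and the command lines are assumptions; this page does not show the sample's actual bcdedit arguments, so the rule keys on the canonical T1490 invocations (`recoveryenabled No`, `bootstatuspolicy ignoreallfailures`) and treats any other `bcdedit /set` as a review item.

```python
"""Added example (not part of the sandbox report): a detection pass over
constructed endpoint telemetry for bcdedit recovery tampering (T1490) and
non-browser processes reading browser credential stores (T1005 / T1552.001).
Event schema, process names and paths are assumptions for illustration."""
import re
from dataclasses import dataclass

# Browser processes that legitimately open their own profile stores.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# File names of Chromium and Firefox credential/cookie stores (lower-cased).
BROWSER_STORES = {"login data", "cookies", "web data", "logins.json", "key4.db"}

# bcdedit settings used to disable Windows recovery; the canonical T1490 commands are
# "bcdedit /set {default} recoveryenabled No" and
# "bcdedit /set {default} bootstatuspolicy ignoreallfailures".
RECOVERY_TAMPER = [
    re.compile(r"\brecoveryenabled\s+no\b", re.I),
    re.compile(r"\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
]


@dataclass
class Finding:
    technique: str  # ATT&CK ID (or "T1490-review" for a bcdedit /set needing triage)
    name: str       # technique name
    image: str      # offending process image (basename)
    detail: str     # command line or file path that triggered the rule


def _basename(path: str) -> str:
    """Last path component, lower-cased; accepts both slash styles."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def check_process(event: dict) -> list[Finding]:
    """Process-create record: {"type": "process", "Image": ..., "CommandLine": ...}."""
    image = _basename(event["Image"])
    cmd = event.get("CommandLine", "")
    if image != "bcdedit.exe":
        return []
    if any(p.search(cmd) for p in RECOVERY_TAMPER):
        return [Finding("T1490", "Inhibit System Recovery", image, cmd)]
    if "/set" in cmd.lower():
        # Any other boot-store write is worth a look but is not by itself T1490.
        return [Finding("T1490-review", "bcdedit /set (manual review)", image, cmd)]
    return []


def check_file_access(event: dict) -> list[Finding]:
    """File-access record: {"type": "file", "Image": ..., "TargetFilename": ...}.
    Plain Sysmon does not log file reads; records of this shape come from an EDR
    or from Windows object-access auditing (event 4663)."""
    image = _basename(event["Image"])
    if image in BROWSER_IMAGES:
        return []
    if _basename(event["TargetFilename"]) in BROWSER_STORES:
        return [Finding("T1552.001", "Credentials in Files (browser store read)",
                        image, event["TargetFilename"])]
    return []


def scan(events: list[dict]) -> list[Finding]:
    """Run both checks over a list of records in arrival order."""
    out: list[Finding] = []
    for ev in events:
        if ev["type"] == "process":
            out.extend(check_process(ev))
        elif ev["type"] == "file":
            out.extend(check_file_access(ev))
    return out


# Constructed telemetry for the demo (not captured from the sample).
SAMPLE_EVENTS = [
    {"type": "process", "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": r"bcdedit /set {default} recoveryenabled No"},
    {"type": "process", "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": r"bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"type": "process", "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": r"bcdedit /enum"},
    {"type": "file", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # svchosts.exe is a hypothetical dropped executable, not a name from the report.
    {"type": "file", "Image": r"C:\Users\u\AppData\Roaming\svchosts.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "Image": r"C:\Users\u\AppData\Roaming\svchosts.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.technique:13} {f.name:42} {f.image}: {f.detail}")
```

The browser check whitelists the browser binaries by image name only; in production you would pin them to their install paths and signer, since a dropped file named chrome.exe would otherwise pass. The `bcdedit /enum` record produces nothing, which is intended: reading the boot store is routine, writing it is not.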

MITRE ATT&CK Matrix

Tactic columns shown in the report's matrix: Command and Control, Credential Access, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation.