General

  • Target

    b182e256d8ad049c8387e015c6afa78212afa934691feef178d25b07f40e6c26

  • Size

    19.5MB

  • Sample

    211021-llgpaaahfj

  • MD5

    2710feba607afde5c935bb5183333bbb

  • SHA1

    c22be1aaeb64338a1ca5c26df721a57b2f5909df

  • SHA256

    b182e256d8ad049c8387e015c6afa78212afa934691feef178d25b07f40e6c26

  • SHA512

    3f7bf63e50be3be96f5f658fc8132011700da1dde62c7a63281d44d94f24647eecb0c3da0e6694f2e3f9b42a233f01e67a9d5fe06350f0e27defd63179c24b2f

Malware Config

Targets

    • Target

      b182e256d8ad049c8387e015c6afa78212afa934691feef178d25b07f40e6c26

    • Size

      19.5MB

    • MD5

      2710feba607afde5c935bb5183333bbb

    • SHA1

      c22be1aaeb64338a1ca5c26df721a57b2f5909df

    • SHA256

      b182e256d8ad049c8387e015c6afa78212afa934691feef178d25b07f40e6c26

    • SHA512

      3f7bf63e50be3be96f5f658fc8132011700da1dde62c7a63281d44d94f24647eecb0c3da0e6694f2e3f9b42a233f01e67a9d5fe06350f0e27defd63179c24b2f

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • suricata: ET MALWARE Parallax CnC Response Activity M14

      suricata: ET MALWARE Parallax CnC Response Activity M14

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks