General

  • Target

    293a83bfe2839bfa6d40fa52f5088e43b62791c08343c3f4dade4f1118000392

  • Size

    2.6MB

  • Sample

    211028-p7hegsbfb8

  • MD5

    12308f01f8fa9f8f8382c6fc4d445476

  • SHA1

    0274eef2d23f42f699964ab1d4d9be3e9a8512d1

  • SHA256

    293a83bfe2839bfa6d40fa52f5088e43b62791c08343c3f4dade4f1118000392

  • SHA512

    b69fe6966d1d6dc5656990f64211107aebc1f423b8d2ba4d1e8bbd4cd7621d54b3abcc62a4bb819a1a2f442703f7c1fde086feeed4fb0fbda0174ae549e3446c

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
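The behavioural signatures above (dropped EXE executed, dropped DLL loaded, browser profile reads, non-C: drive root enumeration, network activity from the dropped process) can be reproduced as detection logic over a host event stream. The following is an added example, not code from the sandbox or from the report; the event model, the constructed event list, the browser artefact paths (Chromium "User Data\<profile>\Login Data|Cookies|Web Data", Firefox "Profiles\<profile>\logins.json|key4.db") and the pids are all assumptions. The sandbox's "Blocklisted process" rule uses a process list that is not on this page, so the example instead flags network requests from any process started from a dropped executable.

```python
"""Behavioural triage of a constructed Sysmon-style event stream.

Added example; the Event model, paths and pids are assumptions, not data from the report.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Event:
    ts: int        # sequence number, constructed stand-in for a timestamp
    kind: str      # file_create | process_create | image_load | file_read | net
    pid: int       # acting process (for process_create: the newly created process)
    path: str      # file/image path, or host:port for net events
    ppid: int = 0  # parent pid, only meaningful for process_create


EXE_LIKE = re.compile(r"\.(exe|dll)$", re.IGNORECASE)
# Chromium-family profile stores and Firefox credential stores (assumed paths).
BROWSER_PROFILE = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
    r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.IGNORECASE)
# Root path of any fixed drive other than the default C: drive, as the signature text says.
NON_C_ROOT = re.compile(r"^[A-BD-Z]:\\$", re.IGNORECASE)


def dropped_payloads(events):
    """Map lower-cased path -> (ts, writer pid) for each .exe/.dll written during the run."""
    return {e.path.lower(): (e.ts, e.pid) for e in events
            if e.kind == "file_create" and EXE_LIKE.search(e.path)}


def executes_dropped_exe(events):
    """Process creations whose image was written earlier in the same run."""
    dropped = dropped_payloads(events)
    return [(e.pid, e.path) for e in events if e.kind == "process_create"
            and e.path.lower() in dropped and dropped[e.path.lower()][0] < e.ts]


def loads_dropped_dll(events):
    """Image loads of a DLL that was written earlier in the same run."""
    dropped = dropped_payloads(events)
    return [(e.pid, e.path) for e in events if e.kind == "image_load"
            and e.path.lower() in dropped and dropped[e.path.lower()][0] < e.ts]


def reads_browser_profiles(events):
    return [(e.pid, e.path) for e in events
            if e.kind == "file_read" and BROWSER_PROFILE.search(e.path)]


def enumerates_drives(events):
    """Distinct non-C: drive roots touched, sorted for stable output."""
    return sorted({(e.pid, e.path.upper()) for e in events
                   if e.kind == "file_read" and NON_C_ROOT.match(e.path)})


def dropped_process_network(events):
    """Network requests from a process started from a dropped executable (proxy for the
    sandbox's blocklist rule, whose process list is not available here)."""
    pids = {pid for pid, _ in executes_dropped_exe(events)}
    return [(e.pid, e.path) for e in events if e.kind == "net" and e.pid in pids]


def triage(events):
    """Return only the signatures that fired, with their supporting events."""
    hits = {
        "Executes dropped EXE": executes_dropped_exe(events),
        "Loads dropped DLL": loads_dropped_dll(events),
        "Reads user/profile data of web browsers": reads_browser_profiles(events),
        "Enumerates connected drives": enumerates_drives(events),
        "Dropped process makes network request": dropped_process_network(events),
    }
    return {name: ev for name, ev in hits.items() if ev}


# Constructed event stream: a downloaded loader drops a payload and a DLL, runs the
# payload, which then reads browser credential stores, probes drive roots and beacons out.
SAMPLE_EVENTS = [
    Event(1, "process_create", 100, r"C:\Users\bob\Downloads\invoice.exe", ppid=40),
    Event(2, "file_create", 100, r"C:\Users\bob\AppData\Local\Temp\update.exe"),
    Event(3, "file_create", 100, r"C:\Users\bob\AppData\Local\Temp\helper.dll"),
    Event(4, "process_create", 200, r"C:\Users\bob\AppData\Local\Temp\update.exe", ppid=100),
    Event(5, "image_load", 200, r"C:\Users\bob\AppData\Local\Temp\helper.dll"),
    Event(6, "image_load", 200, r"C:\Windows\System32\ws2_32.dll"),  # system DLL, not dropped
    Event(7, "file_read", 200, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(8, "file_read", 200, r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"),
    Event(9, "file_read", 200, "C:\\"),   # default drive root, excluded by the signature
    Event(10, "file_read", 200, "D:\\"),
    Event(11, "file_read", 200, "E:\\"),
    Event(12, "file_read", 40, r"C:\Users\bob\Documents\notes.txt"),  # benign activity
    Event(13, "net", 200, "203.0.113.10:443"),
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(name)
        for pid, what in evidence:
            print(f"    pid {pid}: {what}")
```

The ordering check (file written before it is executed or loaded) is what separates "dropped" from merely "present": a process starting a pre-existing binary does not fire, as the initial invoice.exe launch shows. The drive-root rule deliberately ignores C:\ so that ordinary activity on the system drive does not count as enumeration.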

Tasks