General

  • Target

    d6c31353e7839916fe4792fd8a46e7ba46e414293104ed8e96112c0de70a4876

  • Size

    5.2MB

  • Sample

    211028-p7hegsgdbn

  • MD5

    108a4002c63e362c2d22ebb9f409e94c

  • SHA1

    3f150d1d4f5461306f60d904302cf96cfd3103ef

  • SHA256

    d6c31353e7839916fe4792fd8a46e7ba46e414293104ed8e96112c0de70a4876

  • SHA512

    8ab9feda41bf0f3e19ce130354f47df938bcb4a5ef8a048a8401e899ee9b7b0a997662e8742688fc8fef190f26560e409ecff749cd2743aa8d0d4a0af384bfbc

Malware Config

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks