General

  • Target

    8c92dfd98d0da124299b28d92ad7b50d6b622e6078992df74a5e7b41261ad008.bin

  • Size

    6.0MB

  • Sample

    211102-jd44haghdl

  • MD5

    36439a5f029df1777b51a34bd454b9d2

  • SHA1

    66ab3a5c3f35fad196b07bc91930bcc171b0132f

  • SHA256

    8c92dfd98d0da124299b28d92ad7b50d6b622e6078992df74a5e7b41261ad008

  • SHA512

    e412f202184412e39e8fed102b042c68e7b65eeb6545096481db3e62e5dfdf641031736f616e1cf7e61e59705473af37a1e7c0c13762cbdc5a6aa5acaace8da9

Malware Config

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks