Resubmissions

08-11-2021 13:19

211108-qkhmeacba6 10

General

  • Target

    3800cfc1779229230276e658dc437da44c074712247a23ef3a0543daf86505dc.bin

  • Size

    3.3MB

  • Sample

    211108-qkhmeacba6

  • MD5

    281277343c24ce9611314044e5df610c

  • SHA1

    d531e047d55bc162b3e338aed504c9eff77fde80

  • SHA256

    3800cfc1779229230276e658dc437da44c074712247a23ef3a0543daf86505dc

  • SHA512

    a7e4823e343c7a2f68a67be920edc6209ca441d9ece19339049faf44173d7c252b2928d599b12a8b6d6246149e40910c3f9e6bf045a5b7e4971c705885dc6de9

Malware Config

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks