Static task
static1
Behavioral task
behavioral1
Sample
728087f0de4d37e5a8a4085fbb9e4de2105d8062b84070b2be4e088f5693359b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
728087f0de4d37e5a8a4085fbb9e4de2105d8062b84070b2be4e088f5693359b.exe
Resource
win10v2004-en-20220113
General
-
Target
728087f0de4d37e5a8a4085fbb9e4de2105d8062b84070b2be4e088f5693359b
-
Size
172KB
-
MD5
b58768f7953caf0ef531e45e46f57a28
-
SHA1
b277dd92baee01d32120f763ffce7067166e4391
-
SHA256
728087f0de4d37e5a8a4085fbb9e4de2105d8062b84070b2be4e088f5693359b
-
SHA512
9391c24113d740aea2b92b9dd4db9de402db34b67d6be30c423a06a8153b66a9b97251e445cc75e9b000becd0c34019472c0370ad69ad2440b2e069aa09459f7
-
SSDEEP
3072:ovfgV8WTMx1Kd98zZk1Zu+7FbqwoN8Q5oNVjIlFLDrr/Ln:ovfm8WTMxK8zZJ4FbqwoN8Q5VbrH
Malware Config
Signatures
-
Parallax family
-
ParallaxRat payload 1 IoCs
Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.
resource yara_rule sample parallax_rat
Files
-
728087f0de4d37e5a8a4085fbb9e4de2105d8062b84070b2be4e088f5693359b.exe windows x86
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 87KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 710B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE