General

  • Target

    2793e5e5c6dabf88d5bebe53dd5a5bd8ecad007d290dd64901a6fc06cb439233

  • Size

    131KB

  • Sample

    220206-n9d96saac2

  • MD5

    1538a7e26ee76f01d4db6c37f66223a8

  • SHA1

    4c547aa3f4e4008f9463957c846266a8f6645677

  • SHA256

    2793e5e5c6dabf88d5bebe53dd5a5bd8ecad007d290dd64901a6fc06cb439233

  • SHA512

    c93f9bb26532a35a1a5b4166218be1d28e1c4b10ddf15cb65108eb532c6d1817a2b0120bd9e5d5ab3464f8af7f146cf524bc36757665316dba2b469518a0c4ec

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
