General
-
Target
7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0
-
Size
510KB
-
Sample
220418-lezxaadag8
-
MD5
9564841aec80fb40ee9c1c431d85e28b
-
SHA1
2e7b383bb344e69fd7168f000b6ba62b4aeec2d7
-
SHA256
7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0
-
SHA512
11e1da2d7fb6a5caeae443a0c09b951c4e7557873b3ba346f098ef2a73f285d773e86380bdc66340c350e64e0b66a81e23d725cc13902853a677d7f3d89a7b2c
Static task
static1
Behavioral task
behavioral1
Sample
7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0
-
ParallaxRat payload
Detects payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-