General

  • Target

    7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0

  • Size

    510KB

  • Sample

    220418-lezxaadag8

  • MD5

    9564841aec80fb40ee9c1c431d85e28b

  • SHA1

    2e7b383bb344e69fd7168f000b6ba62b4aeec2d7

  • SHA256

    7a03f290d1527d11d034c9da40b7fcdcc351e0664592e1ee975c0dc12b7dfab0

  • SHA512

    11e1da2d7fb6a5caeae443a0c09b951c4e7557873b3ba346f098ef2a73f285d773e86380bdc66340c350e64e0b66a81e23d725cc13902853a677d7f3d89a7b2c

Score
10/10

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
