General

  • Target

    418848721e51cf8490956e11b8eb75444a460fa07b4201be79d9b609e57d5b7d

  • Size

    1.8MB

  • Sample

    220520-z1tjaaddc5

  • MD5

    6ce823abf08804817553fb0d2b9a00fb

  • SHA1

    cc5633d752e27f6179448bb3f8fb855d547e11c0

  • SHA256

    418848721e51cf8490956e11b8eb75444a460fa07b4201be79d9b609e57d5b7d

  • SHA512

    cdb32028fc5320103fc81874a2ff475c56338bf3c933435dcb4ea852279cf32c5c4f43736964fb365c65714e83967b5073b76d603d3b26f27369947d0cc327e4

Score
10/10

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
