parallax | 8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4 | Triage

Submit
Reports

Overview

overview

Static

static

8219311bc9...c4.exe

windows7-x64

8219311bc9...c4.exe

windows10-2004-x64

Sharing

General

Target

8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4
Size

1.4MB
Sample

221201-jh8mgsgd62
MD5

c9ddc48f08e3678e2a4e65d4951dc261
SHA1

7b2e70ecdf86e9461f0cb4e6aeb37cae893bcfa5
SHA256

8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4
SHA512

cfa8b15fa6df43f47a63085382f18c8f2a9f170781c54c52f4ca584924c601f7664ea113ee2b103fd3e288179cc709b0fee1830c9cea868400c28c32fbb43825
SSDEEP

24576:jxdW2AUOoj6Rc4FoweN2vtUm5a4j06/b9y8lDbe+Eltpe3f:dZA4BEoZsh5ayFy8lU6f

Score

10^/10

parallax persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4.exe

Resource

win7-20221111-en

parallax persistence rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4.exe

Resource

win10v2004-20220901-en

parallax persistence rat upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4
- Size
  
  1.4MB
- MD5
  
  c9ddc48f08e3678e2a4e65d4951dc261
- SHA1
  
  7b2e70ecdf86e9461f0cb4e6aeb37cae893bcfa5
- SHA256
  
  8219311bc99c105c1edc420fbcd2067ea839b499248e1c45b31596161a76c4c4
- SHA512
  
  cfa8b15fa6df43f47a63085382f18c8f2a9f170781c54c52f4ca584924c601f7664ea113ee2b103fd3e288179cc709b0fee1830c9cea868400c28c32fbb43825
- SSDEEP
  
  24576:jxdW2AUOoj6Rc4FoweN2vtUm5a4j06/b9y8lDbe+Eltpe3f:dZA4BEoZsh5ayFy8lU6f
Score

10^/10

parallax persistence rat upx
- ParallaxRat
  ParallaxRat is a multipurpose RAT written in MASM.
  rat parallax
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

parallaxpersistenceratupx

behavioral2

parallaxpersistenceratupx

© 2018-2024

Terms | Privacy