General

  • Target

    Paralxlax v1.0.7.zip

  • Size

    24.5MB

  • Sample

    230725-vmh36sec44

  • MD5

    d3f66b4ea50de8e14c209c9380981198

  • SHA1

    f165a8eadf3d36d51fafc594f5b730f35f4d70dd

  • SHA256

    3fb4fc0859021fb29e961f4c7e5f8e16181a22a649feb9ba327a7eb6bb2922ae

  • SHA512

    1fbe3417bf9b1f21bbe22339e93e423522d4c199fcead4ebe0343c44ca3d7b25230a604776830391c2adba2c845c2620a9c077a61df7e01dd13551fb15aab358

  • SSDEEP

    786432:jgXFshZRpdpCZdGsjPayytg/yiwD1i2l5NxAegUD9:UXFshZz2Gsb7ytN1i23gq9

Score
10/10

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
