General

Target: Paralxlax v1.0.7.zip
Size: 24.5MB
Sample: 230725-vmh36sec44
MD5: d3f66b4ea50de8e14c209c9380981198
SHA1: f165a8eadf3d36d51fafc594f5b730f35f4d70dd
SHA256: 3fb4fc0859021fb29e961f4c7e5f8e16181a22a649feb9ba327a7eb6bb2922ae
SHA512: 1fbe3417bf9b1f21bbe22339e93e423522d4c199fcead4ebe0343c44ca3d7b25230a604776830391c2adba2c845c2620a9c077a61df7e01dd13551fb15aab358
SSDEEP: 786432:jgXFshZRpdpCZdGsjPayytg/yiwD1i2l5NxAegUD9:UXFshZz2Gsb7ytN1i23gq9
Static task: static1

Malware Config
Targets

Target: Paralxlax v1.0.7.zip
Size: 24.5MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
Signatures

ParallaxRat payload
  Detects the payload of Parallax RAT, a small portable RAT that is usually digitally signed with a Sectigo certificate.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
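The report lists four cryptographic hashes and one SSDEEP fuzzy hash for the archive. The following Python helper is an added example, not part of the report and not the sandbox vendor's tooling: it recomputes the four digests for a file (or an in-memory buffer) and compares them with the indicators above, and it parses the SSDEEP string into its block size and two chunk signatures, which is the check a practitioner needs before attempting a fuzzy comparison (ssdeep only scores two digests whose block sizes are equal or differ by exactly a factor of two). The function names, the empty sample buffer and the alternate SSDEEP strings used for illustration are constructed assumptions, not data from the report.

```python
"""Triage helper for the indicators in this sandbox report (added example)."""
import hashlib
from dataclasses import dataclass

# Indicators copied from the report above (Paralxlax v1.0.7.zip).
REPORT_HASHES = {
    "md5": "d3f66b4ea50de8e14c209c9380981198",
    "sha1": "f165a8eadf3d36d51fafc594f5b730f35f4d70dd",
    "sha256": "3fb4fc0859021fb29e961f4c7e5f8e16181a22a649feb9ba327a7eb6bb2922ae",
    "sha512": "1fbe3417bf9b1f21bbe22339e93e423522d4c199fcead4ebe0343c44ca3d7b252"
              "30a604776830391c2adba2c845c2620a9c077a61df7e01dd13551fb15aab358",
}
REPORT_SSDEEP = "786432:jgXFshZRpdpCZdGsjPayytg/yiwD1i2l5NxAegUD9:UXFshZz2Gsb7ytN1i23gq9"


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms the report lists."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def match_hashes(data: bytes, indicators: dict = REPORT_HASHES) -> set:
    """Names of the algorithms whose digest of `data` equals the indicator.

    A single matching strong hash (SHA256/SHA512) is enough to confirm identity;
    an MD5-only match should be treated as a lead, not a confirmation.
    """
    digests = compute_hashes(data)
    return {
        name for name, expected in indicators.items()
        if name in digests and digests[name] == expected.lower()
    }


@dataclass(frozen=True)
class SsdeepDigest:
    block_size: int
    chunk: str         # signature computed with block_size
    double_chunk: str  # signature computed with 2 * block_size


def parse_ssdeep(digest: str) -> SsdeepDigest:
    """Split a 'blocksize:chunk:double_chunk' ssdeep string into its parts.

    The ssdeep tool may append ',"filename"' to its output; that suffix is
    dropped here so both the bare and the tool-emitted forms parse.
    """
    body = digest.split(",", 1)[0].strip()
    parts = body.split(":")
    if len(parts) != 3:
        raise ValueError(f"malformed ssdeep digest: {digest!r}")
    block_size = int(parts[0])
    if block_size <= 0:
        raise ValueError("ssdeep block size must be positive")
    return SsdeepDigest(block_size, parts[1], parts[2])


def ssdeep_comparable(a: str, b: str) -> bool:
    """True if two ssdeep digests can be scored against each other.

    ssdeep only compares digests whose block sizes are equal or where one is
    exactly twice the other (the larger block's chunk is then compared with
    the smaller block's double_chunk). Any other pair scores 0 outright.
    """
    da, db = parse_ssdeep(a), parse_ssdeep(b)
    return (da.block_size == db.block_size
            or da.block_size == 2 * db.block_size
            or db.block_size == 2 * da.block_size)


if __name__ == "__main__":
    # Constructed input for illustration: an empty buffer, which naturally does
    # not match the report. In practice pass open(path, "rb").read().
    print("matching algorithms:", match_hashes(b"") or "none")
    d = parse_ssdeep(REPORT_SSDEEP)
    print(f"ssdeep block size {d.block_size}, chunk length {len(d.chunk)}")
    # Hypothetical digest with half the block size: still comparable.
    print("comparable with block size 393216:",
          ssdeep_comparable(REPORT_SSDEEP, "393216:abc:def"))
```

Run it against a suspected copy of the archive by replacing the empty buffer with the file's bytes; a SHA256 or SHA512 match ties the file to this report, while the parsed SSDEEP block size tells you whether a fuzzy comparison with another sample's digest is even meaningful.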