General

  • Target

    fvpn_x86_2.41.exe

  • Size

    2.3MB

  • Sample

    231010-vqtn3seg31

  • MD5

    2f70017be760f9024ed738d660c507d1

  • SHA1

    00b4b1f4220cb4949405db5d6b7f6aac3fc99778

  • SHA256

    dae9032c305a447c81635cfae72e942b411b531c1892c943ac80fa0797b8dc05

  • SHA512

    ace613064ad3ac953365c7aca93b97dcc5d3a6a2fd85961ca6732d880e17a21fba0ee44b1baa813fb1fabe87c24c3e0870cea16eff69ed4e52e6f2cfbbb01e46

  • SSDEEP

    49152:Gq3QscuJsVPCYc80pixEXY2QpvH8ntf9Gion08uT2a:G0nJsVPBcexz2QpvHql9GioU2a

Targets

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles
