General

  • Target

    SecuriteInfo.com.BackDoor.Rat.457.11176.23459.exe

  • Size

    2.3MB

  • Sample

    231011-nv5tkseg43

  • MD5

    69b85492367598683cc28f7353148a5c

  • SHA1

    e03f54756a9628a142ee2cb2a9190dd1511b5336

  • SHA256

    50390617ca0f0b27057a4447414d7799996b69e615bea931a31d673394d92695

  • SHA512

    658e39b982d48317dd659b5a303b89079f68ccdd1dfcf3fe373cf23ddb71a998627e1966b74e08596635e2ac9056fc372ae16b2c4816ca09fbb7adc62920da32

  • SSDEEP

    49152:Eq3QscuJsVPCYc80pixEXY2QpvH8nzf9Gion08mkCSgo:E0nJsVPBcexz2QpvHqL9GiouSx

Malware Config

Targets

    • Target

      SecuriteInfo.com.BackDoor.Rat.457.11176.23459.exe

    • Size

      2.3MB

    • MD5

      69b85492367598683cc28f7353148a5c

    • SHA1

      e03f54756a9628a142ee2cb2a9190dd1511b5336

    • SHA256

      50390617ca0f0b27057a4447414d7799996b69e615bea931a31d673394d92695

    • SHA512

      658e39b982d48317dd659b5a303b89079f68ccdd1dfcf3fe373cf23ddb71a998627e1966b74e08596635e2ac9056fc372ae16b2c4816ca09fbb7adc62920da32

    • SSDEEP

      49152:Eq3QscuJsVPCYc80pixEXY2QpvH8nzf9Gion08mkCSgo:E0nJsVPBcexz2QpvHqL9GiouSx

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks