Overview

overview

10

Static

static

3

b0a3836495...b6.exe

windows7-x64

10

b0a3836495...b6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0a383649505829364efcbf05d137cb6

  • Size

    52KB

  • Sample

    240303-29kc3sbb6s

  • MD5

    b0a383649505829364efcbf05d137cb6

  • SHA1

    94339534d586146aef7d328dd857813251973b34

  • SHA256

    d717c14daab8c2ca198c247568f63fe92448f104588545c9f689603551d0251b

  • SHA512

    0bbd1381a1f5d022c499beacc74db3553e6fb8b05f6499705e9ea66b25ebc14faa98424067365bd30ded69ece1d0bc7eb1db54d2b4ab9c3262a4a0a0b6c336ec

  • SSDEEP

    384:Yiraroxo8brZBJGAvveCnu9wB1jxA4WnAW:YEbvJv490C

Score
10/10
parallaxrat

Malware Config

Targets

    • Target

      b0a383649505829364efcbf05d137cb6

    • Size

      52KB

    • MD5

      b0a383649505829364efcbf05d137cb6

    • SHA1

      94339534d586146aef7d328dd857813251973b34

    • SHA256

      d717c14daab8c2ca198c247568f63fe92448f104588545c9f689603551d0251b

    • SHA512

      0bbd1381a1f5d022c499beacc74db3553e6fb8b05f6499705e9ea66b25ebc14faa98424067365bd30ded69ece1d0bc7eb1db54d2b4ab9c3262a4a0a0b6c336ec

    • SSDEEP

      384:Yiraroxo8brZBJGAvveCnu9wB1jxA4WnAW:YEbvJv490C

    Score
    10/10
    parallaxrat

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

      ratparallax

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks