Overview

overview

10

Static

static

3

6ce823abf0...18.exe

windows7-x64

10

6ce823abf0...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ce823abf08804817553fb0d2b9a00fb_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240524-br81lsgd38

  • MD5

    6ce823abf08804817553fb0d2b9a00fb

  • SHA1

    cc5633d752e27f6179448bb3f8fb855d547e11c0

  • SHA256

    418848721e51cf8490956e11b8eb75444a460fa07b4201be79d9b609e57d5b7d

  • SHA512

    cdb32028fc5320103fc81874a2ff475c56338bf3c933435dcb4ea852279cf32c5c4f43736964fb365c65714e83967b5073b76d603d3b26f27369947d0cc327e4

  • SSDEEP

    24576:cTfEWQMHi9jzdDnAlbV+Qax+Ekedq05uWGcqmGoRiNLVRAeUXsk0+FpIJze:mcW4fpx+RqqHMoLvHgpIJC

Score
10/10
parallaxrat

Malware Config

Targets

    • Target

      6ce823abf08804817553fb0d2b9a00fb_JaffaCakes118

    • Size

      1.8MB

    • MD5

      6ce823abf08804817553fb0d2b9a00fb

    • SHA1

      cc5633d752e27f6179448bb3f8fb855d547e11c0

    • SHA256

      418848721e51cf8490956e11b8eb75444a460fa07b4201be79d9b609e57d5b7d

    • SHA512

      cdb32028fc5320103fc81874a2ff475c56338bf3c933435dcb4ea852279cf32c5c4f43736964fb365c65714e83967b5073b76d603d3b26f27369947d0cc327e4

    • SSDEEP

      24576:cTfEWQMHi9jzdDnAlbV+Qax+Ekedq05uWGcqmGoRiNLVRAeUXsk0+FpIJze:mcW4fpx+RqqHMoLvHgpIJC

    Score
    10/10
    parallaxrat

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

      ratparallax

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks