General

  • Target

    ope.lnk

  • Size

    1KB

  • Sample

    240605-vxvvqadg45

  • MD5

    01592e5afe616e5f7c25b99ada26c3d6

  • SHA1

    001fdc71455bf6501f4ce6c6fe87c242ab62ba64

  • SHA256

    5a39aad1904070d45d1b6d13b792742675de4ddadcc0ca07cc9958b949b5bde1

  • SHA512

    1d1a058b6729c466aba28f300a775b232cff83465b8a1577ff8104bf6de690cc886e9cdb4d498553165d47812712a3e80a246faf95508c0d022cdf4e8678ee09

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://64.7.199.224/real

Targets

    • Target

      ope.lnk

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15