MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ParallaxRAT

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654
SHA3-384 hash:	c53ec0d0b5fba2176cffa084e8576a6aa3e391a929ba53d489b34fb5ac05622ab84750626a1b9666bd164f1e936d7ca7
SHA1 hash:	063628db0dab74df343232a6670ee477d29e1219
MD5 hash:	4866d86370233b82ff2b0017221c57e2
humanhash:	angel-florida-diet-ohio
File name:	3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654
Download:	download sample
Signature	ParallaxRAT Create hunting rule
File size:	7'458'736 bytes
First seen:	2021-10-06 13:12:45 UTC
Last seen:	2021-10-06 13:48:33 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep	196608:NNyz8XyEa/pXBG8SzdQTRRG1iGuEs2F+c:NNyzZpXBG8SdQTmAG9F+c
Threatray	190 similar samples on MalwareBazaar
TLSH	T11576233FF268A43EC4AA0A3245B3C250597BBA65781A8C1E07FC394DDF765700E3E656
dhash icon	5050d270cccc82ae (109 x Adware.Generic, 43 x LummaStealer, 42 x OffLoader)
Reporter	JAMESWT_WT
Tags:	A & R Maxim s.r.o. A e R Maxim s.r.o. exe ParallaxRAT RAT

Intelligence

File Origin

# of uploads :

# of downloads :

324

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654

Verdict:

Suspicious activity

Analysis date:

2021-10-06 13:19:59 UTC

Tags:

installer

Link:

https://app.any.run/tasks/63975c33-7335-49f0-bd22-453e732a682d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/195478/

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/615da0e0e3d213d202b8852d/reports/4747f11b-e405-4a5a-b137-d01676f6d345/overview

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d3611aec-82e0-4e4a-863a-16f6f7dc6834

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654/

Threat name:

Win32.Downloader.Penguish

Status:

Malicious

First seen:

2021-09-02 17:14:55 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hxcxxda3aa3smkc644sabv6q7ba5iliek77l5ghlm4qv7pe6ezka._file

Verdict:

malicious

ParallaxRAT

389c556e30252966f34f1bc23348e182af2c0883771f9c8abe299a8ba54b1f6a

ParallaxRAT

66dfb7c408d734edc2967d50244babae27e4268ea93aa0daa5e6bbace607024c

ParallaxRAT

88c109e8bca8a35c02efa6ce6f27bb714d16623382cd8181011e8776c5f017a5

ParallaxRAT

dd2b6e5b02de97b7888bb22135c2c9771c6a2477a59e96463141c36d30e80fbb

ParallaxRAT

df3dabd031184b67bab7043baaae17061c21939d725e751c0a6f6b7867d0cf34

ParallaxRAT

+ 180 additional samples on MalwareBazaar

Result

Malware family:

parallax

Score:

10/10

Tags:

family:parallax rat upx

Link:

https://tria.ge/reports/211006-qf3rsabbd4/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Loads dropped DLL

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

ParallaxRat

ParallaxRat payload

Unpacked files

SH256 hash:

4daf3a4d3d7a213e86e667f66ec57fd81d0a833ee161be5db63ce5af48e4a5b7

MD5 hash:

448a6f10fc2629c90d3004cdf9a66615

SHA1 hash:

eec69ae3ddc6af27de19eebf1aca98ef5070dc62

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

SH256 hash:

ab209544ea6f87e294a705e8e370f015141b53cdf61d3f82779cb8ea3782018c

MD5 hash:

9fce40e0a36054ca80855baa1e57b8b7

SHA1 hash:

fbbed301eb77b2bda312c528df46574ed2af9fb0

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

SH256 hash:

f9da1dd8f086e5baf900ae2d9f64a408c7a2e97ff18ff0c9ce2d367088663cae

MD5 hash:

96fad8da2c6f71cccebe8f1325e28609

SHA1 hash:

863de78fb4ab87ee87a3635229a6d8aee3b0d058

Detections:

win_houdini_auto

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

Parent samples :

88c109e8bca8a35c02efa6ce6f27bb714d16623382cd8181011e8776c5f017a5
3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654
7cac5beac0a313ef0a69af7c694c87692deb59d7d90839f79c4a20213d7f03e5
efeae42fa3e5f7e5b088384977e2cfc9296e26c53437c138c4e711a8815eaed1

SH256 hash:

71373d1cee2efc6c9857c780dd7232cf6a9fc7d956f9433238b74fab79109c43

MD5 hash:

49196cd6b3699a0d771226f46811d238

SHA1 hash:

48bc92f4da6945240a8456195487fd03fa41391b

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

SH256 hash:

30098bbeac856f031f26c3fbcc43e579cde33bbde476b798f060987782cd21f3

MD5 hash:

7fc45182667dfce2ae187002f7f6cf90

SHA1 hash:

214e2672ae1082dd699244f68999761c07ed906c

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

SH256 hash:

3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654

MD5 hash:

4866d86370233b82ff2b0017221c57e2

SHA1 hash:

063628db0dab74df343232a6670ee477d29e1219

Link:

https://www.unpac.me/results/c8277055-321a-4f9b-b222-9fce49e8ed1e/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/3dc57b8c1b00/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.09

Link:

https://yomi.yoroi.company/submissions/3dc57b8c1b003726285ee72400d7d0f841d42d0457febe98eb67215fbc9e2654

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/195478/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample