MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d6e17c9b63c736c6380bc367b09572c9adc95e916c275296d0692a81191f242. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ParallaxRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d6e17c9b63c736c6380bc367b09572c9adc95e916c275296d0692a81191f242
SHA3-384 hash: f30214be1205022e90d0e78dedc1b2f594ec303769e45c6ff60297a7659c4595db24d1ea044e3b1d329c623b92adb814
SHA1 hash: 6ed684a8fbb8d317e2c7ac00db284af35431510a
MD5 hash: 5fcb322ff0ed7eabe10145fa4cf78768
humanhash: oscar-hydrogen-potato-idaho
File name:packing list.xlsx.zip
Download: download sample
Signature ParallaxRAT
Create hunting rule
File size:411'503 bytes
First seen:2020-10-16 10:22:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:35yC0vNljyc3VKLrHLzhyLkaasqUdbXaAMwQr3/fhzbcu8nGa4/XZhdm7Q:wCCNlOc3uHPULkeqUdDf+T/flbzaYBT
TLSH 4E9423A8ACC17EA57BFF878B168F9B72142281E316F231D1230315E588558FE5D8CDC6
Reporter abuse_ch
Tags:ParallaxRAT RAT zip


Avatar
abuse_ch
Malspam distributing ParallaxRAT:

HELO: vps61348.inmotionhosting.com
Sending IP: 104.152.110.49
From: Angela Benett <Angela.Benett@aircharter.co.uk>
Reply-To: Angela Benett <kimjoy001@gmail.com>
Subject: urgent charter request
Attachment: packing list.xlsx.zip (contains "packing list.xlsx.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d6e17c9b63c736c6380bc367b09572c9adc95e916c275296d0692a81191f242/
Threat name:
Win32.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 17:50:40 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rvxbpsnwhrzwyy4axq3hwckxfsnnzfpjc3bhkklna2jkqemr6jba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8d6e17c9b63c736c6380bc367b09572c9adc95e916c275296d0692a81191f242

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ParallaxRAT

zip 8d6e17c9b63c736c6380bc367b09572c9adc95e916c275296d0692a81191f242

(this sample)

ParallaxRAT

Executable exe 464b01b713a4c97b736dae0ea19855e97a172e7c11e9f7fe9ac0e054326c340c

  
Dropping
MD5 4d0a93f479c185879347cff75337de5f
  
Dropping
ParallaxRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 464b01b713a4c97b736dae0ea19855e97a172e7c11e9f7fe9ac0e054326c340c

Comments