MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f981c2c2a5ec61765f189e952dd76f4e3d375aec7b8bd941d563b01519769e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ParallaxRAT

Vendor detections: 3

Intelligence 3 IOCs YARA 1 File information Comments

SHA256 hash:	8f981c2c2a5ec61765f189e952dd76f4e3d375aec7b8bd941d563b01519769e1
SHA3-384 hash:	3568da6838fcbe92e297cf9a39b3cb2380e7d0d21529aea7e0030c910fba4f032bcd6635730196f4030ad7526b27df32
SHA1 hash:	b1bdadd65e032b61cbcc4e21218f1b6a9890a824
MD5 hash:	9ebf61c4901d777bdd92e56742d412b7
humanhash:	mango-wolfram-rugby-enemy
File name:	SecuriteInfo.com.BackDoor.Rat.268.3982.19990
Download:	download sample
Signature	ParallaxRAT Create hunting rule
File size:	107'234 bytes
First seen:	2020-05-04 08:52:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	1536:8nM9dx53SCKpUSYuHFq6Mg08qOUp2YHVGL67KJ5PGaxHNHBj:L9dx5CCwUSjUg7pwoLRCaJ
Threatray	18 similar samples on MalwareBazaar
TLSH	94A39E04BB8152B2C584F7FB2C1572C9D39F9B602F63B5173B9A473DB761911AB28B02
Reporter	SecuriteInfoCom
Tags:	ParallaxRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BackDoor.Rat.268.3982.19990.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Xaparo

Status:

Malicious

First seen:

2020-04-30 14:04:17 UTC

File Type:

PE (Exe)

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=r6mbylbkl3dbozprrhuvfxlw6tr5g5noy64l3fa5ky5qcumxnhqq._file

Verdict:

suspicious

ParallaxRAT

4723ab5ed01fb642eb602ff59309d4d698e6011145ca1b757bb223b5a67fe159

ParallaxRAT

505aa5b6bf77290ec7ccdd2b24b8ff8ef779f01d57ad690f632d8b2736f2a8dd

ParallaxRAT

509f5caf90d71205d4e67c01307ac35bffe286e08a3e544f05a38eb72f149a1f

ParallaxRAT

67bd0297c3cec70aff4d67aef73ca59618baceef4ee5801cefe7682fa2725ca7

ParallaxRAT

9257415575d2a485de9787466a10636a920134f18dd617231373173dc88a6a20

ParallaxRAT

a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571

ParallaxRAT

b3550779f1211365321210344de50d32f4e0477c2817919474d0bf49574fcd01

ParallaxRAT

b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3

ParallaxRAT

f37f40245387cf924b4692267251875273ef75ad03fa9f92d73ab021f5c9e307

ParallaxRAT

+ 8 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-5dhrzlkcl2/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_parallax_w0 Create hunting rule
Author:	jeFF0Falltrades

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ParallaxRAT

exe 8f981c2c2a5ec61765f189e952dd76f4e3d375aec7b8bd941d563b01519769e1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/356746/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample