MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ParallaxRAT

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f
SHA3-384 hash:	557a7eb629fc46e21a68d68518f3e6a94893fadcf683a8925d3022c01a4f49108d3d9de62497d8cf4e1cafb430630c70
SHA1 hash:	f316f26720a06f7698e2ad6bb6e5bb64bfd602ef
MD5 hash:	e83b5f2b03ffe236917d448f42937528
humanhash:	indigo-virginia-vegan-undress
File name:	e83b5f2b03ffe236917d448f42937528.exe
Download:	download sample
Signature	ParallaxRAT Create hunting rule
File size:	510'512 bytes
First seen:	2021-03-17 08:11:59 UTC
Last seen:	2021-03-17 09:31:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	425c54b6507d90a6e2c9eaf3ecf04a80 (4 x ParallaxRAT)
ssdeep	12288:gqFIlDHGjf9HdagGizzBwQQGPJM5r6rC25NRHQTqW:9Wsjf9GizzBwx185NRwTqW
Threatray	448 similar samples on MalwareBazaar
TLSH	15B48C31A6968371F2EE00FF0DB5B56449E57831A2E1B3F9BF85897CD930651DBB8202
Reporter	abuse_ch
Tags:	exe ParallaxRAT

Intelligence

File Origin

# of uploads :

# of downloads :

116

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e83b5f2b03ffe236917d448f42937528.exe

Verdict:

Suspicious activity

Analysis date:

2021-03-17 09:14:54 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f5051f1a-89e5-470a-9a96-9b5f73393b7a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Backdoor.Xaparo.Win32.72.6914.9647.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/642014

Signature

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f/

Threat name:

Win32.Backdoor.Generic

Status:

Suspicious

First seen:

2021-03-17 08:12:11 UTC

AV detection:

8 of 47 (17.02%)

Threat level:

5/5

Verdict:

unknown

ParallaxRAT

21ba0bed0b05a2ce68496e73a5c103fb5b815ac2c77e997f46e5d09666c1c978

ParallaxRAT

3d3095586bf72d6b631e44681654c68707a6f07987b02e367e7d88ac9ddab77c

ParallaxRAT

411e56b415d4c23a741958c3f1ada72b3e958c078d27c339678bb690b7a895c3

ParallaxRAT

4ce173da12efcf686dd4a7fec6678fc6c0e2cae352a3dd327bdfa478c18589e4

ParallaxRAT

786e182e324b83c59ad1b095f7d520598a1b72cfce239b4274d462c7ba45bf18

ParallaxRAT

aa9692c1769e25297176b847f4274570c56c4d74f4577608bd036e72d82d5bdb

ParallaxRAT

af05a9b5f7ed6483d7f10ea0e521e0a15fd90d224ca04a9665991ab630a54991

ParallaxRAT

b7d74de8e9514ca3fbfa4676be4433069bc913f86953a79d40c6272d5077242c

ParallaxRAT

b8ae844621bf21969ca7070937f91101ca4f7277917979ad9d4a4ac43d6e5fad

ParallaxRAT

+ 438 additional samples on MalwareBazaar

Result

Malware family:

parallax

Score:

10/10

Tags:

family:parallax rat

Link:

https://tria.ge/reports/210317-ctxhwq2z1j/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

ParallaxRat

ParallaxRat payload

Unpacked files

SH256 hash:

978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f

MD5 hash:

e83b5f2b03ffe236917d448f42937528

SHA1 hash:

f316f26720a06f7698e2ad6bb6e5bb64bfd602ef

Link:

https://www.unpac.me/results/7a458f10-411a-4539-99b7-2e5e3a3fba99/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture Create hunting rule
Author:	ditekSHen
Description:	Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ParallaxRAT

exe 978a48a2dabf47b1f89f176583063b5b52f68ef81dc48e6f4acf38a16ef3680f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1072569/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample