MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ParallaxRAT


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3
SHA3-384 hash: e8a2ede98d467c9d9ac9849f113f0728340efa65a139f8dddb05985bc95af8f70f1fdf4dd0a67507f30c01505e0124bd
SHA1 hash: 300e4d06ce151141c8b858c2a752be1fa0d53ad8
MD5 hash: cf04ef7185ddf7d7eb50cdda20987b52
humanhash: california-purple-apart-mountain
File name:cf04ef7185ddf7d7eb50cdda20987b52.exe
Download: download sample
Signature ParallaxRAT
Create hunting rule
File size:1'040'384 bytes
First seen:2020-05-01 10:01:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 122fd9fe5fd35c6068dff87da08657ed (1 x ParallaxRAT)
ssdeep 12288:wUriv0b6YyM9MxD8bzLE9XPhEVE6wAQeuCPlNRr8kgiYsLzAxbq4zGpA:wUrid67E6DhuCPlLrwsnKbYpA
Threatray 46 similar samples on MalwareBazaar
TLSH 4A259E3B4BA56C2ADCBB33FA165115354C786E63340C835272E8236540EF7E36E69BC6
Reporter abuse_ch
Tags:exe ParallaxRAT RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Crypren
Create hunting rule
Status:
Malicious
First seen:
2020-04-25 13:05:07 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wupidzcfspbmikxeck3jfrdl4pdldzfmi3evdzyimgg2lemuapjq._file
Verdict:
suspicious
Similar samples:
2ae1c7a5828344b803f6c5085ff52866be49fc5ec3c3e868d850283a6e8fce59
ParallaxRAT
4723ab5ed01fb642eb602ff59309d4d698e6011145ca1b757bb223b5a67fe159
ParallaxRAT
509f5caf90d71205d4e67c01307ac35bffe286e08a3e544f05a38eb72f149a1f
ParallaxRAT
67bd0297c3cec70aff4d67aef73ca59618baceef4ee5801cefe7682fa2725ca7
ParallaxRAT
76c2929d5ccb9232c3e3b9825bbde0f7fb135a1cdc035297322212b48f1b91c3
ParallaxRAT
8f981c2c2a5ec61765f189e952dd76f4e3d375aec7b8bd941d563b01519769e1
ParallaxRAT
9257415575d2a485de9787466a10636a920134f18dd617231373173dc88a6a20
ParallaxRAT
a0ed7d0e67e9e7ccddf7e41cd11a81effd829ff27421471d7d303ac0776d6571
ParallaxRAT
b3550779f1211365321210344de50d32f4e0477c2817919474d0bf49574fcd01
ParallaxRAT
f37f40245387cf924b4692267251875273ef75ad03fa9f92d73ab021f5c9e307
ParallaxRAT
+ 36 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_parallax_w0
Create hunting rule
Author:jeFF0Falltrades

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ParallaxRAT

Executable exe b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/354984/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
RAS_APIUses Remote AccessRASAPI32.dll::RasDialA
RASAPI32.dll::RasGetErrorStringA
RASAPI32.dll::RasHangUpA
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
SHLWAPI.dll::PathRemoveFileSpecW
KERNEL32.dll::GetWindowsDirectoryA
KERNEL32.dll::GetSystemDirectoryA
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
ADVAPI32.dll::GetUserNameA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegDeleteKeyA
ADVAPI32.dll::RegOpenKeyExA
ADVAPI32.dll::RegQueryInfoKeyW
ADVAPI32.dll::RegSetValueExA
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuA
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::OpenClipboard
USER32.dll::PeekMessageA
USER32.dll::CreateWindowExA

Comments