MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ParallaxRAT
Vendor detections: 5



SHA256 hash: bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4
SHA3-384 hash: 2c54b62b5e795f4033c3925335572fc21b8a3343e7dafdf0f1b820db75f58a3fd63b47a23bacfcb7ff91f4871dd297d0
SHA1 hash: 0fd8d900b9a357c189427ad1cde7061f1c75a412
MD5 hash: d149b481ff1994a5d7a3229e1b15ee9b
humanhash: mango-queen-beryllium-helium
File name: bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4
Signature: ParallaxRAT
File size: 3'099'920 bytes
First seen: 2020-07-08 10:49:24 UTC
Last seen: 2020-07-08 11:51:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0efb8795a6bea2b8ef41b123049a4a42 (1 x ParallaxRAT)
ssdeep: 49152:BygQ3CaqSwqaWCi42t1yX2DFOsZAbVhR1R+kd7j5qV:BTQ3CaqzX9iFt1caAYV
Threatray: 22 similar samples on MalwareBazaar
TLSH: A6E56C12F213483BC5375A39DC4796E4A828EF503A749D973BA43D8CBF79BC17826246
Reporter: JAMESWT_WT
Tags: Parallax ParallaxRAT RAT signed

Code Signing Certificate

Organisation: Kivaliz Prest s.r.l.
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: May 27 00:00:00 2020 GMT
Valid to: May 27 23:59:59 2021 GMT
Serial number: 9CFBB4C69008821AAACECDE97EE149AB
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 6C7E917A2CC2B2228D6D4A0556BDA6B2DB9F06691749D2715AF9A6A283EC987B
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness: n/a
Behaviour:
- Creating a window
- Launching a process
- DNS request
- Sending a custom TCP request
- Unauthorized injection to a system process
Threat name: Win32.Backdoor.Parlrat
Status: Malicious
First seen: 2020-06-17 13:14:17 UTC
File Type: PE (Exe)
Extracted files: 212
AV detection: 26 of 48 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Drops startup file

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: win_parallax_w0
Author: jeFF0Falltrades

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments