MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ParallaxRAT


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4
SHA3-384 hash: 7504f1d993dff147a6b5d92c574b6406081bc93a21516a6286bd4195db000f0fc2807342aa961a3f517201c715156cac
SHA1 hash: f9a5e44e563b1794477e70d1a0f368cc489a2d3c
MD5 hash: 3fbf2dadf2ae2aa59c175683a54f315e
humanhash: lemon-cardinal-jig-romeo
File name:bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4
Download: download sample
Signature ParallaxRAT
Create hunting rule
File size:2'515'152 bytes
First seen:2021-11-10 10:20:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b1f5b6052bd7d2ca5a4960e2cf02df7 (2 x ParallaxRAT)
ssdeep 49152:s9g5vXQAx+v7CfC3OJhC2KE4TKDhIsNL8IX+b4Uaw6Q+kbKsEKr:s9gxQA+KC3OWJcDhIsh8IX+braw6Q7bV
Threatray 38 similar samples on MalwareBazaar
TLSH T1ECC59E2136584E72C1220DB3B958F335B2AD69310B3745C7D2E4AB1C7F71186BA1AE6F
dhash icon 71e0c4884eecec71 (1 x ParallaxRAT, 1 x LummaStealer)
Reporter JAMESWT_WT
Tags:51.195.57.232 exe GLG Rental ApS ParallaxRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Parallax
Create hunting rule
Link:
https://www.capesandbox.com/analysis/204682/
Detection(s):
SecuriteInfo.com.Variant.Razy.813030.10043.8272.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger overlay packed
Link:
https://www.filescan.io/uploads/618b9d12dec3347825a11f23/reports/05cca848-7d92-458b-905f-e6c33acad635/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Parallax RAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a7f2931b-7420-4231-9495-564ad64a3544
Result
Threat name:
Parallax RAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/886620
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found hidden mapped module (file has been removed from disk)
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Sigma detected: Suspect Svchost Activity
Sigma detected: Suspicious Svchost Process
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected Parallax RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4/
Threat name:
Win32.Spyware.Solmyr
Create hunting rule
Status:
Malicious
First seen:
2021-03-28 17:06:00 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0cfa9021ddabb0a9f3306397234f3f19ce70da1082b4291bfe9477c974aebbec
ParallaxRAT
26ba40a83c4dd2e31ae8d1cd1595cc9723cad21a4ee2f7c54d422350bce7effb
ParallaxRAT
645dbb6df97018fafb4285dc18ea374c721c86349cb75494c7d63d6a6afc27e6
ParallaxRAT
6f522cc6adbe791575df40a518ba10c89cb54af0d849be0841b036b05d441fa9
ParallaxRAT
abba8d0990bb52ecc9c282ca8e98e83076fbd5d86afe2efecdbc236a5c610de8
ParallaxRAT
cb55e00c2fc38e06759379f12f6ab27310d6b61f27a3c510549f326afb17d0e9
ParallaxRAT
d327f4e4f6c73e96c204d77355171ca6fd7b29c54b234f0bdf97398e04179edc
ParallaxRAT
d62d2888067b3dab7d93cba362202c4a17c086c531949b071f9758866b4c9d6b
ParallaxRAT
d8a0ad3d3b54d49dea84a6ac1d38082c5ba246d13c9060543cff213fc3dc5260
ParallaxRAT
ebf0083ad227764b7963171f0c2d156f56ad5a5835ce1a74e3c85b4902b04695
ParallaxRAT
+ 28 additional samples on MalwareBazaar
Result
Malware family:
parallax
Create hunting rule
Score:
  10/10
Tags:
family:parallax rat suricata
Link:
https://tria.ge/reports/211110-mdncjadhgp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
ParallaxRat
ParallaxRat payload
suricata: ET MALWARE Parallax CnC Response Activity M14
Unpacked files
SH256 hash:
bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4
MD5 hash:
3fbf2dadf2ae2aa59c175683a54f315e
SHA1 hash:
f9a5e44e563b1794477e70d1a0f368cc489a2d3c
Link:
https://www.unpac.me/results/8ff0a72b-d7b4-4eb1-a831-16d51ca3c518/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Parallax RAT
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/204682/

Comments