MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ParallaxRAT


Vendor detections: 6

SHA256 hash: ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092
SHA3-384 hash: 92c536a34662019e34245e71367c108031103724c30374c8b89722c9934f920f45adf42435372ae2bc7892c3e47ea110
SHA1 hash: 23d89b15e98b492acc42cef36250054c8edb2a0f
MD5 hash: af33cde314ac49a28a3980c6da3cd910
humanhash: hamper-idaho-sad-double
File name: ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092.exe
Signature: ParallaxRAT
File size: 3'145'032 bytes
First seen: 2020-07-20 16:57:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2feecbe5bc8c08f673355c007a593bde (1 x ParallaxRAT)
ssdeep: 49152:JGQjQbSPVAUxKblmaHVWq5OFSmTaVNWjvhUB0pAt:UQ0OAUxKb9HVv+OVEe1
Threatray: 605 similar samples on MalwareBazaar
TLSH: 8FE57C23B780583ED0AB0B35153BAA75E93FBB612617CD5B57F4088C8FB5190693E24B
Reporter: Anonymous
Tags: Parallax ParallaxRAT RAT signed

Code Signing Certificate

Organisation: Unique Digital Services Ltd.
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Jul 11 00:00:00 2020 GMT
Valid to: Jul 11 23:59:59 2021 GMT
Serial number: 661BA8F3C9D1B348413484E9A49502F7
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 4CA944C9B69F72BE3E95F385BDBC70FC7CFF4C3EBB76A365BF0AB0126B277B2D
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
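The file hashes and the blocklisted certificate above are the two kinds of indicator an analyst reuses from this entry: SHA256/SHA3-384/SHA1/MD5 identify this exact file, while the certificate serial and SHA256 thumbprint identify the signer, and so also flag other files signed with the same Sectigo-issued certificate before it was revoked or expired. The script below is an added example for this page, not MalwareBazaar's or ReversingLabs' code. It uses only the Python standard library and embeds the entry's values as constants; the signer certificate is assumed to have already been extracted as DER bytes (for example with a PE parser or osslsigncode) or its serial printed by openssl, certutil or Get-AuthenticodeSignature. imphash, ssdeep and TLSH are not computed because they need third-party libraries (pefile, ssdeep, py-tlsh).

```python
"""Match a local file against the hashes and the blocklisted code-signing
certificate recorded in this MalwareBazaar entry.

Added example for this page; not MalwareBazaar's own code. Standard library only.
"""
import hashlib
from typing import Optional

# File hashes copied from the entry above (lower-case hex).
ENTRY_HASHES = {
    "sha256": "ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092",
    "sha3_384": "92c536a34662019e34245e71367c108031103724c30374c8b89722c9934f920f"
                "45adf42435372ae2bc7892c3e47ea110",
    "sha1": "23d89b15e98b492acc42cef36250054c8edb2a0f",
    "md5": "af33cde314ac49a28a3980c6da3cd910",
}

# Code-signing certificate values copied from the entry above. A serial is only
# unique per issuer, so keep the issuer next to it when you act on a serial hit.
BLOCKLISTED_CERT = {
    "issuer": "Sectigo RSA Code Signing CA",
    "serial": "661BA8F3C9D1B348413484E9A49502F7",
    "sha256_thumbprint": "4CA944C9B69F72BE3E95F385BDBC70FC7CFF4C3EBB76A365BF0AB0126B277B2D",
}


def file_digests(data: bytes) -> dict:
    """Compute the four file hashes the entry lists, as lower-case hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matching_hashes(data: bytes, entry: dict = ENTRY_HASHES) -> set:
    """Names of the entry's hashes that the given bytes reproduce (empty = not this file)."""
    got = file_digests(data)
    return {name for name, want in entry.items() if got[name] == want.lower()}


def normalize_serial(serial: str) -> str:
    """Canonical upper-case hex; accepts '66:1b:a8:..', '0x661ba8..' or '661BA8..'."""
    s = serial.strip().lower().replace(":", "").replace(" ", "")
    if s.startswith("0x"):
        s = s[2:]
    return s.upper()


def cert_thumbprint_sha256(der: bytes) -> str:
    """SHA256 over the DER-encoded certificate, upper-case hex, as MalwareBazaar lists it.
    This is NOT the SHA1 'Thumbprint' that Windows certificate dialogs and
    X509Certificate2.Thumbprint show; recompute SHA256 over the raw DER instead."""
    return hashlib.sha256(der).hexdigest().upper()


def cert_matches_blocklist(der: Optional[bytes] = None, serial: Optional[str] = None,
                           blocklist: dict = BLOCKLISTED_CERT) -> dict:
    """Return which of the supplied certificate identifiers match the blocklisted cert.

    der:    raw DER bytes of the signer certificate (assumed already extracted)
    serial: serial number as printed by openssl / certutil / Get-AuthenticodeSignature
    """
    hits = {}
    if der is not None:
        hits["thumbprint"] = cert_thumbprint_sha256(der) == blocklist["sha256_thumbprint"].upper()
    if serial is not None:
        hits["serial"] = normalize_serial(serial) == normalize_serial(blocklist["serial"])
    return hits


def triage(data: bytes, der: Optional[bytes] = None, serial: Optional[str] = None) -> str:
    """'known_sample' if the bytes are this exact file; 'same_signer' if only the
    signing certificate matches (a different file signed with the blocklisted
    certificate); otherwise 'no_match'."""
    if matching_hashes(data):
        return "known_sample"
    if any(cert_matches_blocklist(der, serial).values()):
        return "same_signer"
    return "no_match"


if __name__ == "__main__":
    # Constructed stand-in, not the real sample (the real binary is 3'145'032 bytes).
    fake = b"MZ" + b"\x00" * 62 + b"constructed test input"
    print(file_digests(fake)["sha256"])
    print(triage(fake))                                                          # no_match
    print(triage(fake, serial="66:1b:a8:f3:c9:d1:b3:48:41:34:84:e9:a4:95:02:f7"))  # same_signer
```

A `same_signer` result is the more useful hit in practice: the hashes only ever find this one file, whereas every binary signed by Unique Digital Services Ltd. under this certificate (valid from Jul 11 2020, nine days before the sample was first seen here) deserves the same scrutiny. Do not reuse the Windows thumbprint field for the comparison, since it is SHA1 and will never equal the SHA256 value MalwareBazaar publishes.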

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Launching a process
Transferring files using the Background Intelligent Transfer Service (BITS)
Sending a custom TCP request
Creating a file in the %temp% directory
Deleting a recently created file
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Enabling the 'hidden' option for recently created files
Moving a file to the %AppData% subdirectory
Creating a file
Unauthorized injection to a system process
Forced shutdown of a system process
Enabling autorun with Startup directory

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-07-17 15:28:38 UTC
File Type: PE (Exe)
Extracted files: 25
AV detection: 25 of 48 (52.08%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments