PULSE NAME
Nearly undetectable Qarallax RAT spreading via spam
WHITE AlienVault 2018-01-04 Modified: 2018-01-04
15 IOCs
MEDIUM VOLUME
Qarallax is a RAT (remote access tool) and infostealer. This malware was derived from an open-source tool known as LaZagne.
Indicators of Compromise (15)