jar.qarallax_rat (Back to overview)

Qarallax RAT


According to SpiderLabs, in May 2015 the "company" Quaverse offered a RAT known as Quaverse RAT or QRAT. At around May 2016, this QRAT evolved into another RAT which became known as Qarallax RAT, because its C2 is at qarallax.com. Quaverse also offers a service to encrypt Java payloads (Qrypter), and thus qrypted payloads are sometimes confused with Quaverse RATs (QRAT / Qarallax RAT).

References
https://labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/
http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spam/

There is no Yara-Signature yet.