parasite | 64bfbbdf08aebb66f89866457a931b330968c126c87e8b02f1324392e65a4606 | Triage

Submit
Reports

Overview

overview

Static

static

bb940b97_e...ed.exe

windows7_x64

bb940b97_e...ed.exe

windows10_x64

Sharing

General

Target

bb940b97_extracted
Size

2.0MB
Sample

210216-6z5cnc1xtx
MD5

aa42d84248af944b0947399f4d72267a
SHA1

08815276a5efc5c49746fd9a10e6ed32069958d5
SHA256

64bfbbdf08aebb66f89866457a931b330968c126c87e8b02f1324392e65a4606
SHA512

864c958a0d4277c208dddcee66dc19604480043b213b457042015185e523b0e3219ff022a7df8ad935a16f6557dcb9ad8554092273f382181a6bac59fc90f0c9

Score

10^/10

parasite discovery persistence spyware stealer vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

bb940b97_extracted.exe

Resource

win7v20201028

parasite discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bb940b97_extracted.exe

Resource

win10v20201028

parasite discovery persistence spyware stealer vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bb940b97_extracted
- Size
  
  2.0MB
- MD5
  
  aa42d84248af944b0947399f4d72267a
- SHA1
  
  08815276a5efc5c49746fd9a10e6ed32069958d5
- SHA256
  
  64bfbbdf08aebb66f89866457a931b330968c126c87e8b02f1324392e65a4606
- SHA512
  
  864c958a0d4277c208dddcee66dc19604480043b213b457042015185e523b0e3219ff022a7df8ad935a16f6557dcb9ad8554092273f382181a6bac59fc90f0c9
Score

10^/10

parasite discovery spyware stealer persistence vmprotect
- Parasite, Nexus
  Parasite (or Nexus) is an infostealer written in C++.
  stealer parasite
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

parasitediscoveryspywarestealer

behavioral2

parasitediscoverypersistencespywarestealervmprotect

© 2018-2024

Terms | Privacy