Overview

overview

8

Static

static

1

parsec-windows.exe

windows7-x64

3

parsec-windows.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    parsec-windows.exe

  • Size

    2.7MB

  • Sample

    230323-3v4nvaah67

  • MD5

    b49af1859c41d9178c4af8b330d64741

  • SHA1

    1272d1cd56010a813e05bcb32d8cf824e8a5e725

  • SHA256

    ae654731f8e85ec41a77edbfad7ec0064497421803fbc5105ca8a935af57fd6e

  • SHA512

    238add2b5db89886e31e281fa633ac4657580c853b5f6750a6e6816ffb85551466abbe7589fe60e19c0fe57989258c99a658331a4e039b48a991a5d2f8cc66cc

  • SSDEEP

    49152:MmRtVNwyndBmOrH+e/xsQjhtmZZcoANnuR+pAfkdE2WX8zPmK:3vhQ1st7oMpA92fmK

Score
8/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      parsec-windows.exe

    • Size

      2.7MB

    • MD5

      b49af1859c41d9178c4af8b330d64741

    • SHA1

      1272d1cd56010a813e05bcb32d8cf824e8a5e725

    • SHA256

      ae654731f8e85ec41a77edbfad7ec0064497421803fbc5105ca8a935af57fd6e

    • SHA512

      238add2b5db89886e31e281fa633ac4657580c853b5f6750a6e6816ffb85551466abbe7589fe60e19c0fe57989258c99a658331a4e039b48a991a5d2f8cc66cc

    • SSDEEP

      49152:MmRtVNwyndBmOrH+e/xsQjhtmZZcoANnuR+pAfkdE2WX8zPmK:3vhQ1st7oMpA92fmK

    Score
    8/10
    discoveryevasionpersistence

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks