Overview
overview: Score 8/10
Static
static: Score 3/10
parsec-windows.exe (windows7-x64): Score 8/10
parsec-windows.exe (windows10-2004-x64): Score 3/10
$PLUGINSDI...ID.dll (windows7-x64): Score 3/10
$PLUGINSDI...ID.dll (windows10-2004-x64): Score 3/10
$PLUGINSDI...em.dll (windows7-x64): Score 3/10
$PLUGINSDI...em.dll (windows10-2004-x64): Score 3/10
$PLUGINSDI...gs.dll (windows7-x64): Score 3/10
$PLUGINSDI...gs.dll (windows10-2004-x64): Score 3/10
$PLUGINSDI...ec.dll (windows7-x64): Score 3/10
$PLUGINSDI...ec.dll (windows10-2004-x64): Score 3/10
parsecd.exe (windows7-x64): Score 1/10
parsecd.exe (windows10-2004-x64): Score 1/10
pservice.exe (windows7-x64): Score 1/10
pservice.exe (windows10-2004-x64): Score 1/10
skel/parse...3b.dll (windows7-x64): Score 1/10
skel/parse...3b.dll (windows10-2004-x64): Score 1/10
teams.exe (windows7-x64): Score 1/10
teams.exe (windows10-2004-x64): Score 1/10
vusb/parsec-vud.exe (windows7-x64): Score 3/10
vusb/parsec-vud.exe (windows10-2004-x64): Score 3/10
wscripts/f...dd.vbs (windows7-x64): Score 1/10
wscripts/f...dd.vbs (windows10-2004-x64): Score 1/10
wscripts/f...ve.vbs (windows7-x64): Score 8/10
wscripts/f...ve.vbs (windows10-2004-x64): Score 8/10
wscripts/l...up.vbs (windows7-x64): Score 3/10
wscripts/l...up.vbs (windows10-2004-x64): Score 7/10
wscripts/s...ll.vbs (windows7-x64): Score 8/10
wscripts/s...ll.vbs (windows10-2004-x64): Score 8/10
wscripts/s...ec.vbs (windows7-x64): Score 4/10
wscripts/s...ec.vbs (windows10-2004-x64): Score 7/10
wscripts/s...ve.vbs (windows7-x64): Score 8/10
wscripts/s...ve.vbs (windows10-2004-x64): Score 8/10
General
-
Target
parsec-windows.exe
-
Size
3.9MB
-
Sample
240703-e9y5xa1hpq
-
MD5
01ef58e7c144c701b2ea01cfc049dbe4
-
SHA1
2f572accb519096c9ea805812ba53703c16cceea
-
SHA256
ae5b66322e5a7c26ad21ccc556bdc1618796166565d2939142c5aa3d76c38ace
-
SHA512
434fd6d4eb49669617da3a15c2239a2cf524624cc4fcf9f09d8bb78a40ddf2dc5e70105e6708ce7643448f3176301edd64a9b71244c179a836119532d7dd69a6
-
SSDEEP
98304:QsSoMQnPLeMNCvYa59QKS7XnqSsAVlsX4pIDmjjcrhm2NGbUU:QsSByeMj04VlslQsm2NK
Static task
static1
Behavioral task
behavioral1
Sample
parsec-windows.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
parsec-windows.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
parsecd.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
parsecd.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
pservice.exe
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
pservice.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
skel/parsecd-150-93b.dll
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
skel/parsecd-150-93b.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
teams.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
teams.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
vusb/parsec-vud.exe
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
vusb/parsec-vud.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
wscripts/firewall-add.vbs
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
wscripts/firewall-add.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
wscripts/firewall-remove.vbs
Resource
win7-20240419-en
Behavioral task
behavioral24
Sample
wscripts/firewall-remove.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
wscripts/legacy-cleanup.vbs
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
wscripts/legacy-cleanup.vbs
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
wscripts/service-install.vbs
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
wscripts/service-install.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
wscripts/service-kill-parsec.vbs
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
wscripts/service-kill-parsec.vbs
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
wscripts/service-remove.vbs
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
parsec-windows.exe
-
Size
3.9MB
-
MD5
01ef58e7c144c701b2ea01cfc049dbe4
-
SHA1
2f572accb519096c9ea805812ba53703c16cceea
-
SHA256
ae5b66322e5a7c26ad21ccc556bdc1618796166565d2939142c5aa3d76c38ace
-
SHA512
434fd6d4eb49669617da3a15c2239a2cf524624cc4fcf9f09d8bb78a40ddf2dc5e70105e6708ce7643448f3176301edd64a9b71244c179a836119532d7dd69a6
-
SSDEEP
98304:QsSoMQnPLeMNCvYa59QKS7XnqSsAVlsX4pIDmjjcrhm2NGbUU:QsSByeMj04VlslQsm2NK
-
Creates new service(s)
-
Modifies Windows Firewall
-
-
-
Target
$PLUGINSDIR/ApplicationID.dll
-
Size
196KB
-
MD5
a858c1a57e32485505b1977cf0a125be
-
SHA1
25d86c4b51f7cc10fc70e3a0493a39c4460cc350
-
SHA256
1462a072345e86318b981089b08b613a34027ddf527bfb66606c683f218fc3b4
-
SHA512
32b597fc2412a9407fd12ac77c556ff9740f1dd0d2055426d11a7baf21b09c536a84cfb97865b4e94168656514e7ce71eb2bc4122aa340100f4ce483bad1722d
-
SSDEEP
3072:2pBNN6AmU9cDlKd3P6V9nSm49WTgKg4Fa1V3FuXRAuAg0FubA9cVsL+73:2pzxmQ3yL+9MgKbxAOEXY
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
6c3f8c94d0727894d706940a8a980543
-
SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd
-
SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
-
SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
SSDEEP
96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
675c4948e1efc929edcabfe67148eddd
-
SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
-
SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
-
SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
SSDEEP
96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score 3/10
-
-
Target
parsecd.exe
-
Size
454KB
-
MD5
62beb668110b4c5ddad09bb20d921cb6
-
SHA1
f3706372c01d1e607ff8c605307de6ef2c26c1a4
-
SHA256
6f1be9e26e403a885cc3b1ff0e4dbecbc96c0821119d25990c3e211564f215d5
-
SHA512
8994c3f1c78b0a816ecf30e463af8d6ddfd0a0ce7b962cbf13e9bbd360d37a024b8ee69c76745f4c332a4786dbfb9216667b1d03c32c60a7c06e85359a2186ee
-
SSDEEP
6144:rkdyuNAbS9p400tm61bXdCwx+3y6kR1DnjvGms7X5od0:rkUuNAbS9p9cx1rdCwh6+/+msjmd0
Score 1/10
-
-
Target
pservice.exe
-
Size
408KB
-
MD5
46cd3fc327af9109bd143ba7f16df397
-
SHA1
53d2a6bcf0d21168050b852e287c2ef62f52f909
-
SHA256
5a699a165838c739e449ac19a52e0a05b841bcee1a27f7d348f0dd04c8e277a3
-
SHA512
d6e35f0dd4f6ef259dd7040d80cd469f27eb460836a4c767d40678ce82b46ce4c38b329c0cf3b41236cea2f0333f94669cfbef05ef484d91035f52ad4c1a5ca3
-
SSDEEP
6144:qaoZkv+B1x9heMY32Z4iZDzDJGjvGms7X5Hm:4Zkv+B1x9cMu2ZzS+msjZ
Score 1/10
-
-
Target
skel/parsecd-150-93b.dll
-
Size
3.3MB
-
MD5
1ff3e1349edd37a206a97943731045c4
-
SHA1
6d1cfc0c0b26191385cb27149433e743b74d479a
-
SHA256
b43debe8105cfd4e2c8f81599497ad4ad38640f19a64f9e530e7d2f64662bf6d
-
SHA512
80f91692c22587e76e26c7ca38b267493d4598bce75e284b3fef4ef03c64ef8ba91d67bb7be2bddd9624e4aa52a67bdeb4b5eac3a86a31529bb18c44f5824fe6
-
SSDEEP
49152:UWvLIUXeaP9CAYaXaAndGk4L8jTMFv43/ruceDSbsRCy9uzY9eQoYVe0OUrVxkov:0I0jNdLrpEeD+vqBlMe
Score 1/10
-
-
Target
teams.exe
-
Size
342KB
-
MD5
faa24223985abfbf64e4ddcd43f062d3
-
SHA1
e1374dc7c98405efc5a44aa3229b97eabdd69bb2
-
SHA256
6dc71b2e92b770dcfeca4a32c8f1787210311f731f1124754df193ec22d5d13e
-
SHA512
23324afcb51508f5ea3f120a5787b150a8226d677c5a55fef219674b4d619fd0d7300d2b4cad917864d5f54788b9c8546db2a77aa4f0d666a956014169c4a6c9
-
SSDEEP
6144:GAR9duE83BYjyEbU1SDgFg8EwkSdbAxD22y6jvGmp:H9gp3WjyEbU1SDAgJw40c+mp
Score 1/10
-
-
Target
vusb/parsec-vud.exe
-
Size
116KB
-
MD5
3cdb48df5ecd5ed2c102fb2edb20492a
-
SHA1
4d8309a4d7222f98abb2d8bb8b29fc35a0509831
-
SHA256
dfb4463aeacba1153cc4a63bdec82ded73a788a2797d62003d3da0d330207e2e
-
SHA512
0c5a3ffc35a7abc66e13c89fb166b78b6d5f3c8a36b44b9bbfc2691ad884d8b77fe2fc7857c52bb0636abfde2657613e46828a6f5feb97977e410c46db27b000
-
SSDEEP
3072:IbG7N2kDTHUpouC0NIHo0Ym9eyOEebifyUPNqF+jgi1ZTt:IbE/HU60uI0YAOEe2fyU9jgIpt
Score 3/10
-
-
Target
wscripts/firewall-add.vbs
-
Size
307B
-
MD5
882374285898f16b5f9ff44afc1ae701
-
SHA1
31c9445557c9b8ecda1f0a6d5ff666e01dd1c3ca
-
SHA256
0be5aa5cc6395a86878f56b131e13db4908e48f06e892ff8f8cf9e2d3b6c8abb
-
SHA512
3b05158b03b57a4d2cbfee9cef6adfe973d080264a88e5cdeb85c59b567529cd1cd2a3b5d8538cb8637d140fd8691dc8826388ab669b7bfb2d5c1c4174069243
Score 1/10
-
-
Target
wscripts/firewall-remove.vbs
-
Size
367B
-
MD5
5d4d70cdf36fcdaa292da1da9133320c
-
SHA1
92dc18d3d1128d43f482ab56804136c687b00713
-
SHA256
75f1dece4fda689a907f6d74b513adb0c1771c1b79ea71160179542c9c4ab2f0
-
SHA512
b54c92fbecb10ddf66d1b7ad950ffbc13f504c71081a8bd56c28c5689a2bf19bd81b467e0697c38f140c72a273eb9eb837105e738c6f1ac4f43344e2ab521778
Score 8/10
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
wscripts/legacy-cleanup.vbs
-
Size
115B
-
MD5
c78520c3162c1962f3164714b37eb4d0
-
SHA1
67c19b8aea7ad99465976dbcd3efcfdd7d62e3fe
-
SHA256
dea38bd553abe93c689de42d0220add18f9be3e3d2fa53f97eb8649f586df4f3
-
SHA512
cfbfc2c7dd8019f98b77e8881680ef9d0135a210fb9b0136a4992c236d971e247aa1641cd2eafdc5f6f5bb61002b30ea14b226127c4cef04f3b3d6be3a941fcc
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
wscripts/service-install.vbs
-
Size
412B
-
MD5
971e2a344a6e17347a81eeb21ada7ba7
-
SHA1
37e034c29adda9b118b75bfdc7c6f41aac71e257
-
SHA256
01f62a12de3307b375dff3ebcd6961d76ffcbc24f70682c7875655a811ce76a1
-
SHA512
5ea0750dc07ff1a0eb1807043b48fb9ed54f6dcb96ce03cb543b0ea36d326779814b6cb87091373574911662a35d75b576e35c5b8d781db36fe1503f8287c65d
Score 8/10
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
wscripts/service-kill-parsec.vbs
-
Size
164B
-
MD5
f7b0c63e7aea5cbd96f7bf1021b28b73
-
SHA1
fc5b11a6bf022740de3ba15455b06ad3f061366b
-
SHA256
71f9cc28497b959377439f6611615ef582745dd5b9cca02b5c4b24bb1fc3dfb8
-
SHA512
c957b7b45b188af0b6e6698507e94564e8e5ccc8dbf5f0237827df373878291095887422584f7f3b7833cbcdd682531fa75c974ba1137031b32bf2ffba268191
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
wscripts/service-remove.vbs
-
Size
150B
-
MD5
b90e75dd7903cb2d6328bb3714865c7a
-
SHA1
2d32868deb198726ed5feb80b66542bad7fbacee
-
SHA256
970b3c2a9ea1906a177810990478932e3517f47aba267cf2ab9e4ba65e7b475f
-
SHA512
3d4bfb86ec98fd85843ae5b63dcf5f475c6500380f02bb4d0dee15a5f7e2334abdbbcd9420b8ac05b5beb8a63b9ea16abcd70ae01c04b87a423fc288ff4dca0a
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (3)
Windows Service (3)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (3)
Windows Service (3)
Event Triggered Execution (1)
Netsh Helper DLL (1)