General
Target
4132868ce09293c0b4d4e241d592d67c062be7faf2cc4b966e9976c9a00ed411
Size
1KB
Sample
220417-tzlt6adfe4
MD5
5b3ffe20f99554d62f8b71ca2553b3fd
SHA1
adf3fd5890b262dde0b51ea34250fba208919cd9
SHA256
4132868ce09293c0b4d4e241d592d67c062be7faf2cc4b966e9976c9a00ed411
SHA512
bbb89687d153896e2eecfa066041d97cc0fd37d9e23e9af34a5cec1107b35706935d233cf2b6fff7925ed11a37c42603a31fb6da97da0ad4d2443e58f18771d5
Static task
static1
Behavioral task
behavioral1
Sample
4132868ce09293c0b4d4e241d592d67c062be7faf2cc4b966e9976c9a00ed411.vbs
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4132868ce09293c0b4d4e241d592d67c062be7faf2cc4b966e9976c9a00ed411.vbs
Resource
win10v2004-20220414-en
Malware Config
Extracted
https://www.uplooder.net/f/tl/14/41a828a1bd32c8f8ce70b7611e62bf05/new-songs.mp3
Extracted
revengerat
NyanCatRevenge
updatefacebook.duckdns.org:6
0d00c7b92de94
Targets
Target
4132868ce09293c0b4d4e241d592d67c062be7faf2cc4b966e9976c9a00ed411
Score 10/10
Blocklisted process makes network request
Malicious .NET executables
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Suspicious use of SetThreadContext