General
-
Target
Ativador Key Authy .vbs
-
Size
307KB
-
Sample
230405-qad68seg93
-
MD5
e7585212ec8add6edfa1b18d5cd1a0fb
-
SHA1
1c20255b64c1677194c989159cf2225597bfd606
-
SHA256
a329cfce33b6cadbac42ef31b7d894a4349173075fe6f216965dba2e69ee625b
-
SHA512
a5b25cb8f4f7114b336a216288bb617a2ab6d032c7974848ab746e486716f30bafc8fb22b43c462061809deb9dfedfd7c819b689fc58b38a27b4e6dd1c92e71a
-
SSDEEP
768:gpfzNfPBedPiGe6wb0pCwXUS6s4g6zcaEe16DbcjDc84n+0Mo:EfzVPBedPk6a0pCQ4xEsofvMo
Static task
static1
Behavioral task
behavioral1
Sample
Ativador Key Authy .vbs
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Ativador Key Authy .vbs
Resource
win10v2004-20230220-en
Malware Config
Extracted
revengerat
NyanCatRevenge
b2b.ddns.com.br:5222
d9261ef3301b4b86a95
Targets
-
-
Target
Ativador Key Authy .vbs
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-