General
Target: Documentaoeembarque.ppam
Size: 27KB
Sample: 230507-jjdhqsfb35
MD5: d90141316834a63ece99172d1d68da4b
SHA1: e248a750c497da19e29611c9ae1ecca67171276a
SHA256: 386654272e99d7f01809047f83e118043b42ab72faa3171bdb8fbb94998627c4
SHA512: 3b2984e89b4633a574784015e6ce615f4c081b39549bc4fc5fcfcb4ce577dfca0babc3a22778590805947db6bbaac55ce95ed2e872674d26165ef3f857a6c72d
SSDEEP: 768:VPXOXyAlkygx6BI2/fvgTd1M+L+/f76g40AFBF:V/OXyivI2O1M+WjL4HF

Static task: static1

Behavioral task: behavioral1
Sample: Documentaoeembarque.ppam
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Documentaoeembarque.ppam
Resource: win10v2004-20230220-en

Malware Config
Extracted
revengerat
NyanCatRevenge
b2b.ddns.com.br:5222
d9261ef3301b4b86a95
Targets
Target: Documentaoeembarque.ppam
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Suspicious use of SetThreadContext