General
Target: reserva....exe
Size: 3.9MB
Sample: 230922-jxn7dsgf79
MD5: 3403cb537d8e1e6257068d3189705050
SHA1: 32a53dc15f1ccfc22daa3951df456264818c008a
SHA256: 1e2ae6c3bc1dce5dc5d968f23da8fec92f2625a6014ca18e3989ad9a33f419d5
SHA512: a4c206374b4d4750968a0120ac1d460615b1d8c67561282e8dce479b502cda0f2d45953bd750f757878f6c188f3473637d21a897c078d8a497de0823345e076a
SSDEEP: 98304:OtrbTA1XcptoXinXh6B8WXhT7rQUdUi2p2xIqjsdSympntS:wc1XOtnnXRah84h4qpptS
Static task: static1
Behavioral task: behavioral1
Sample: reserva....exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: reserva....exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
2180459765
Targets
Target: reserva....exe
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application