General
- Target: Reserva Cancelar.ppam
- Size: 8KB
- Sample: 231205-h2nkzshf71
- MD5: f7d4d5e2956183dce4ba10720c701152
- SHA1: 03b9e2cc094459a6df2fed97f5883b83e982fdf6
- SHA256: d692617c7a65d2ba50d882b02dffaf94fd10ed3a7ba31ff8a075a43d67034387
- SHA512: b27699a17f1bcba03bd06c695212e186b433b0178eb0b039660a8c8358315c00c6309a9f77953608d6f48f0105d80b96a7e69e98681969864098750eb3731fd4
- SSDEEP: 192:xrXP/cgesPouvhbzvPKPCyDwlLMYOHqvro3h:dXPne8ouvNPKPC2HqsR
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: Reserva Cancelar.ppam; resource: win7-20231130-en)
- Behavioral task: behavioral2 (sample: Reserva Cancelar.ppam; resource: win10v2004-20231127-en)
Malware Config
Extracted
- Family: revengerat
- Botnet/campaign ID: NyanCatRevenge
- C2: marcelotatuape.ddns.net:333
- Additional extracted value (likely the mutex/key string): da4b271c7cfc4bb

The C2 is a dynamic-DNS hostname (ddns.net), so the resolved IP can change between runs; block and alert on the hostname and port rather than on whatever address it resolved to during this analysis.
Targets
- Reserva Cancelar.ppam (8KB), SHA256 d692617c7a65d2ba50d882b02dffaf94fd10ed3a7ba31ff8a075a43d67034387; the remaining hashes are identical to those listed under General.
Score: 10/10

Signatures
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro. A .ppam is a macro-enabled PowerPoint add-in, so the parent here is PowerPoint and the add-in's VBA is the likely cause.
- Blocklisted process makes network request. A process on the sandbox's blocklist made an outbound request; taken together with the extracted config, the expected destination is the C2 host above.
- Checks computer location settings. Looks up the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), likely a geofence so the payload only runs in, or avoids, particular countries.
- Adds Run key to start application. Persistence via a Run key under HKCU or HKLM ...\Microsoft\Windows\CurrentVersion\Run, so the sample is relaunched at logon.
- Suspicious use of SetThreadContext. SetThreadContext on another process's thread is the usual final step of process hollowing or similar injection: the RAT payload runs inside a legitimate host process, so the on-disk add-in alone does not tell you which process to look at in memory.
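The signatures above map directly to host checks a responder can run on a machine that opened the add-in. The script below is an added triage helper, not part of the sandbox report or of any tool it references: it enumerates Run-key persistence entries, reads the Geo\Nation value the geofence check consults, and looks for DNS-cache entries or live connections to the extracted C2 (marcelotatuape.ddns.net:333). The registry paths and cmdlets are standard Windows ones; the C2 host and port are taken from the extracted config, and the function name is my own.

```powershell
# Triage helper for the RevengeRAT indicators in this report (added example, not from the report).
# Run in an elevated PowerShell session on the suspected host; it only reads state and makes no changes.
function Invoke-RevengeRatTriage {
    param(
        [string]$C2Host = 'marcelotatuape.ddns.net',   # from the extracted config
        [int]$C2Port = 333                              # from the extracted config
    )

    # 1. Persistence: every Run-key value for the current user and the machine.
    #    The report says the sample adds one of these; any unfamiliar command here is suspect.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $persistence = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notlike 'PS*') {          # skip PowerShell provider metadata
                    [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }

    # 2. Geofence input: the GeoID the sample reads to decide whether to run
    #    (a decimal country code, e.g. 32 = Brazil, 244 = United States).
    $geoPath = 'HKCU:\Control Panel\International\Geo'
    $nation = if (Test-Path $geoPath) {
        (Get-ItemProperty -Path $geoPath -Name Nation -ErrorAction SilentlyContinue).Nation
    }

    # 3. C2 contact: cached DNS answers for the dynamic-DNS hostname, and any live
    #    TCP connection to the C2 port. Both are point-in-time, so absence is not a clean bill.
    $dnsHits = Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like "*$C2Host*" -or $_.Name -like "*$C2Host*" }
    $resolved = (Resolve-DnsName -Name $C2Host -Type A -ErrorAction SilentlyContinue).IPAddress
    $connections = Get-NetTCPConnection -RemotePort $C2Port -ErrorAction SilentlyContinue |
        Where-Object { -not $resolved -or $resolved -contains $_.RemoteAddress }

    # 4. Process context: the owning process of any C2 connection is the likely injection
    #    target (the SetThreadContext signature), so record its image path for memory collection.
    $suspects = foreach ($c in $connections) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID        = $c.OwningProcess
            Image      = $proc.Path
            Remote     = "$($c.RemoteAddress):$($c.RemotePort)"
            State      = $c.State
        }
    }

    [pscustomobject]@{
        RunKeyEntries   = $persistence
        GeoNation       = $nation
        C2DnsCacheHits  = $dnsHits
        C2ResolvedTo    = $resolved
        C2Connections   = $suspects
    }
}

$result = Invoke-RevengeRatTriage
$result.RunKeyEntries | Format-Table -AutoSize
"GeoID (Nation): $($result.GeoNation)"
$result.C2DnsCacheHits | Format-Table -AutoSize
$result.C2Connections | Format-Table -AutoSize
```

Treat a hit in any of the three groups as sufficient to isolate the host and capture memory; a clean result only means the sample was not active at the moment the script ran, since the Run-key entry may point at a staged file that has not yet executed and the dynamic-DNS record may have rotated.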