General
Target: Reserva.xls
Size: 754KB
Sample: 231207-jcyv4ahhaj
MD5: 3bcf5f59bf2674ed3d5873037e6facf9
SHA1: c30056cf0d3d6d484bc70d90e25797d314ad130d
SHA256: 23a43356377f3202cc3dfc099e0966881e4069d7159ff7f8c8ea5638ecb93ae7
SHA512: fa3a9d4ee97a6a8f9d23bb17c2b466db85c01b0837f45c0150d35053db9616fc68d23e0ec09b3f3e6a5729c633496c8031ad208df71b2b679d8bbfcd1610787e
SSDEEP: 12288:JoPIj/NtKmSvwtfNsHv38KHa1eYNqscnYwclMZWeVQOgiHviwa4cekHW:wIT6uNsHv3shPcnY5uZN++HKwnAW
Behavioral task: behavioral1
Sample: Reserva.xls
Resource: win7-20231130-en
Behavioral task: behavioral2
Sample: Reserva.xls
Resource: win10v2004-20231130-en
Malware Config
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
da4b271c7cfc4bb
Targets
Target
Reserva.xls
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext