General
Target: Reserva Advogados Associados.ppam
Size: 9KB
Sample: 231210-t1yv4shea3
MD5: e76c8251c1c8e7bb5be87af6de62e90a
SHA1: 02b22cc9a7a930cbffd2043b919d631588223f0a
SHA256: 7cf01c820b438ecf19e2e39b7c34d938538f371ab63b9092ad97f80070c5395e
SHA512: 1d7127075081f403f86e4599873bf133b97da9e4d4ebbc372e137dab406d37713d82db6c8c1be8d48ceee9e39e27fc7c55066bdea0036cfcccdce3813a566d00
SSDEEP: 192:xrXP/GaHykrQKPo8n80LMThXgX35Gy+bbIWX1PmY+FzQc2WVE:dXPpykrRg+rM9YUtbkWX18Wc2Wu
Static task: static1
Behavioral task: behavioral1
Sample: Reserva Advogados Associados.ppam
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: Reserva Advogados Associados.ppam
Resource: win10v2004-20231201-en
Malware Config
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
3b9ee4d4e0f34d7
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Adds Run key to start application

Suspicious use of SetThreadContext