General
Target: b41de65c12f3ebc33982e3f4f7d6a869.bin
Size: 10KB
Sample: 240111-dz3vnsdfhr
MD5: 01eb83e3968e9982ed2fb3c290412c5f
SHA1: e2af54aa77a86c28dcc5cd8eba7642bac0eec6a5
SHA256: 331af54ba71ddfadef016f727f23eff94389f21bad76ad302ebea09cc123cff6
SHA512: ecffe1d99f6a73faee3434baa66d59add6041cf823b06eb2fb0c02fda656b3c235b282b0cb20ddd8cbb3d95712a211bc5bb753bf6fb3a9c5d92a4a0799ed0d5a
SSDEEP: 192:lSErsfOMP+zO+5EYOTK6UG1cUQVZUZkoDzL80sdmxTnEtud2Iv5B1Xlnj:lL5e+b5O+6r1cUQbUyymdm9EEd2+1Xxj
Static task: static1
Behavioral task: behavioral1
  Sample: bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam
  Resource: win10v2004-20231215-en
Malware Config
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
7d11be66eae7
Targets
Target: bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam
Size: 11KB
MD5: b41de65c12f3ebc33982e3f4f7d6a869
SHA1: f51d21035ec5527e814aaddd394944afbac5a18a
SHA256: bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc
SHA512: f8fd4932d71eff05f96beca1e2c2e4c2ef03a5f62afbccce07cc0d3b2e493c8980880ad6b4046f0c8c67f542e0f4b9ab5ee1fd72163d86663b1b1dba6853ed8d
SSDEEP: 192:xrXP/x/jgjHdiswBnPKkaUgH4V0zpULuU4Z1m4z5w9kalVaI5dOVq0:dXPt8j96djazzUUZ1YZVaIPOB
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext