General
-
Target
reservas.vbs
-
Size
650B
-
Sample
240229-pffrksgf21
-
MD5
5cf16aa21c6757f09238693e35229f4e
-
SHA1
f07993d1ffab08970971b6ff3b0b2162fc2367cb
-
SHA256
6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3
-
SHA512
2f92cc5fc41fa0aeeb7c15adeea6b82edaa249ed2d97401f140471de0de4fa1005a7c83ff49db154453dedea7a926b6030c47e36766c62af7b0eb83cde676426
Static task
static1
Behavioral task
behavioral1
Sample
reservas.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
reservas.vbs
Resource
win10v2004-20240226-en
Malware Config
Extracted
revengerat
NyanCatRevenge
brasil.ddns.com.br:333
33c61550ada3497
Targets
-
-
Target
reservas.vbs
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-