General
Target
f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
Size
15KB
Sample
240313-dc8seada79
MD5
61d206a7e9df935a0cad8de669e85241
SHA1
fa687a793c6e5756d26e1d6082767c86efcb6198
SHA256
f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9
SHA512
530c13a6b775e0e7fe1b101884e323b22f2e2420777e381f83244903258c709df1db706362d41769f91e556e7d70cf72041d11fb76ee9db7de2895d85f2aab68
SSDEEP
192:xrXP//fWt8oxFx+Wex7wTQxM7IVHdimITS09k80JFbSvmSvjXma9kofRuGEy4TZw:dXPvW6S+WexTM74d+XSDSOoTdfw3y0C
Static task
static1
Behavioral task
behavioral1
Sample
f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
Resource
win10v2004-20240226-en
Malware Config
Extracted
revengerat
NyanCatRevenge
craxsrat.ddns.com.br:333
27d7e6701f5e
Targets
Target
f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Suspicious use of SetThreadContext