General
Target: Mensajes en cuarentena (1).zip
Size: 86KB
Sample: 240325-jvzv4sah52
MD5: b5de3adc2b4130061ce1c99935a6a4c2
SHA1: c1ac0d60cdabb3afba405723da069c036ddd07aa
SHA256: aee96147d05a9d6564be20eb8dfc628635c15bca71cf62c85edd328fef582831
SHA512: f71e993dc3092ec254e52eb4b2392d0c10202f3ad4406e7ea85db41db37d0999c38ab1ed88a778849a212763e4fec4047b6934ac344c207299db7f08004e30b1
SSDEEP: 1536:0aXTqjn3aF5J3sY6sSl4q3iJhhXUP5hpP2eCSoqcUvN3tVdaNJS+XuVDL:0aX0nZ8SinJhBk5hpPvHndaN8++VX

Behavioral task: behavioral1 | Sample: Comrpovante de pagamento.ppa | Resource: win7-20240221-en
Behavioral task: behavioral2 | Sample: Comrpovante de pagamento.ppa | Resource: win10v2004-20240226-en
Behavioral task: behavioral3 | Sample: Documentacao pax.ppa | Resource: win7-20240221-en
Behavioral task: behavioral4 | Sample: Documentacao pax.ppa | Resource: win10v2004-20240226-en
Behavioral task: behavioral5 | Sample: Solicitacao n 3422022.ppa | Resource: win7-20240221-en
Behavioral task: behavioral6 | Sample: Solicitacao n 3422022.ppa | Resource: win10v2004-20240226-en

Malware Config
Extracted
revengerat
NyanCatRevenge
craxsrat.ddns.com.br:333
27d7e6701f5e
Targets

Target: Comrpovante de pagamento.ppa
Size: 88KB
MD5: ff08378dd83e84df74a9ce07f5105aa2
SHA1: 2ba229ede6c3b0a53e966d6f491e556b8b9efe72
SHA256: 994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
SHA512: f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
SSDEEP: 768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Suspicious use of SetThreadContext

Target: Documentacao pax.ppa
Size: 88KB
MD5: ff08378dd83e84df74a9ce07f5105aa2
SHA1: 2ba229ede6c3b0a53e966d6f491e556b8b9efe72
SHA256: 994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
SHA512: f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
SSDEEP: 768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Suspicious use of SetThreadContext

Target: Solicitacao n 3422022.ppa
Size: 88KB
MD5: ff08378dd83e84df74a9ce07f5105aa2
SHA1: 2ba229ede6c3b0a53e966d6f491e556b8b9efe72
SHA256: 994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
SHA512: f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
SSDEEP: 768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Suspicious use of SetThreadContext