General
-
Target
Reserva Detalhes.ppam
-
Size
12KB
-
Sample
240325-twdpdafe6x
-
MD5
a1d2e92429553425cf7505c8563b84ed
-
SHA1
d5550fa4da1db73fb15f3fcdd8935504350c392b
-
SHA256
c495ec8d688d14f6e90a75d6570ffbb3f34cd716e05f661a5c57acaf7cccc10e
-
SHA512
9db3cce89055888cf4f7ef8db57dc171fa48f16a5d6724a540f16b365514672e6ec283b25cf6a3e7985c5dd57d5c7538263da690596eaa71dcac7cfeaf677f98
-
SSDEEP
192:xrXP/Rz9m/qgC0XvXUyhRT2QiDjhmdihVGBZGinvSo0Ctbc7PHET:dXPWqgvXmQiDVm8GBklWbc7PG
Static task
static1
Behavioral task
behavioral1
Sample
Reserva Detalhes.ppam
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Reserva Detalhes.ppam
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://pt.textbin.net/download/zbbh8tfbo9
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
0f84d46907494
Targets
-
-
Target
Reserva Detalhes.ppam
-
Size
12KB
-
MD5
a1d2e92429553425cf7505c8563b84ed
-
SHA1
d5550fa4da1db73fb15f3fcdd8935504350c392b
-
SHA256
c495ec8d688d14f6e90a75d6570ffbb3f34cd716e05f661a5c57acaf7cccc10e
-
SHA512
9db3cce89055888cf4f7ef8db57dc171fa48f16a5d6724a540f16b365514672e6ec283b25cf6a3e7985c5dd57d5c7538263da690596eaa71dcac7cfeaf677f98
-
SSDEEP
192:xrXP/Rz9m/qgC0XvXUyhRT2QiDjhmdihVGBZGinvSo0Ctbc7PHET:dXPWqgvXmQiDVm8GBklWbc7PG
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-