General
-
Target
comprovante de pagamento.ppam
-
Size
23KB
-
Sample
240719-l17h9avflk
-
MD5
aae8e2400a374294adcf96504f25180f
-
SHA1
326f020fc3ec8a3bdcc27ba5d3d54df0029e6ff2
-
SHA256
d10fccc801f58792d0feab8d9014a71f4553a584bde1f00e32586944f955d3fd
-
SHA512
92afa4d86e30a7063f94b64e84ed99641a717b6a97888a2fbbb78b1da8662cbaedfe64b050047d8ba6cd1b542e2082b888e57077381d185e99f7f1e62e693eed
-
SSDEEP
384:dXPNdo5nM3HC58UJzD6jHap59VcnksKLXHQxgIhSnH1xXcndqe+dQfmg:VPInM3Ih16DapOnksKjQxthGH1mdUQp
Static task
static1
Behavioral task
behavioral1
Sample
comprovante de pagamento.ppam
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
comprovante de pagamento.ppam
Resource
win10v2004-20240709-en
Malware Config
Extracted
revengerat
NyanCatRevenge
lua.ddns.com.br:5222
101f19215cac
Targets
-
Target
comprovante de pagamento.ppam
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-