General
Target: 147f364a78efbe21c664cc3b57b52430a15a2d1856f10e0f4067942e39c9d6dc
Size: 54KB
Sample: 241010-1qgx6sybrc
MD5: c50aa75e55eacfd0a85643c81d6962c5
SHA1: 3347d3c5b03afcd46ada31639c80174de5eac1df
SHA256: 147f364a78efbe21c664cc3b57b52430a15a2d1856f10e0f4067942e39c9d6dc
SHA512: 9e8bcac38eeab864ad914afa1ac81fcecc942dfc0bd90ab8bc3e9b720460792c8040133fc1118dc674263636f6ba28dbc69c4c7290bff13e0bf46394774d9694
SSDEEP: 768:XRcXUzsZ/e5aO67lghmts3yeibSOFgOK:6X/eG7lghnyDb
Behavioral task: behavioral1
Sample: 147f364a78efbe21c664cc3b57b52430a15a2d1856f10e0f4067942e39c9d6dc.doc
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 147f364a78efbe21c664cc3b57b52430a15a2d1856f10e0f4067942e39c9d6dc.doc
Resource: win10v2004-20241007-en
Malware Config
Extracted
revengerat
NyanCatRevenge
54.146.241.16:5222
f9796de67e
Targets
-
-
Target
147f364a78efbe21c664cc3b57b52430a15a2d1856f10e0f4067942e39c9d6dc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-