General

  • Target

    realterm_removed_utils_password_is_1234.zip

  • Size

    654KB

  • MD5

    6c24344c813daa79007dfb562d04e748

  • SHA1

    a2764f8d43f0ff46a8223a6ad14398fe2c113b2e

  • SHA256

    11789cedc82a3cd1195017fd20fd5eb569dbf329c76db74a294dc7be0c27c219

  • SHA512

    027643c5629e9a33473474e27c91bf7a5bb5f6081a6bebea8add34e63bec628f7e585f99502bd6eea1625baeef7faa9fdaca7ebbdf4b5ebba574749dae4219e7

  • SSDEEP

    12288:TNU9mXKPyvRLRj3CeegkSXDWBM7DeRxQ9uWarPvF5ZMwsSecBI/qUmA9FmOI2So+:mBypLRjSeegk2uRxQ9uWarXF5ZMEJIyZ

Score
3/10

Malware Config

Signatures

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • realterm_removed_utils_password_is_1234.zip
    .zip

    Password: 1234

  • NowStr.exe
    .exe windows x86

    Password: 1234


  • choice.exe
  • cmdow.exe
    .exe windows x86

    Password: 1234

    f7e72b9588bb734ca1a3c1f07de82baa


  • cmp.exe
    .exe windows x86

    Password: 1234

    5e3aba56e344984501d28d488e5b92a7


  • ctext.exe
    .exe windows x86

    Password: 1234

    d4156c3797cf5423bcbac94e8dd67b52


  • readme_utils.txt
  • sed.exe
    .exe windows x86

    Password: 1234

    8f3e07b1049bd83e24c2eb26fa5f82fa


  • sleep.exe
    .exe windows x86

    Password: 1234


  • srec_cat.exe
    .exe windows x86

    Password: 1234

    eda79544475ae3bdabf84f57fae87b19

