General

  • Target

    SlimWin.7z

  • Size

    670KB

  • MD5

    436631a4f4e47511ee280d9ba7715d5f

  • SHA1

    ec720e846000525712a9d4ae504bd645a326d6a7

  • SHA256

    c69d2404e2a9612e85dea8564bc995db41962603d4ea1530883cfa0f8e7b2a2f

  • SHA512

    3c6309e1e568fed93ddb0e1643056b01c6aaf1abf4375ef62ef2b8e67b299dd51ba10f9fa15069145f19403fb4c3937bc5cbc37e19cabcba0135d376c386a480

  • SSDEEP

    12288:B7oNDD8W8+DcGCKJWclOws4X1iZ9pYcKt3tX8oezk/tSgIlWF:hqD8ADEjHK4ZYBt3985kFjh

Score
7/10
upx


Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • SlimWin.7z
    .7z

    Password: mysubsarethebest

  • 1.bat
  • 2.bat
  • 3.bat
  • exe/NTREGOPT.LOC
  • exe/ntregopt.exe
    .exe windows:1 windows x86

    Password: mysubsarethebest



  • out.upx
    .exe windows:1 windows x86



  • exe/reshacker.exe
    .exe windows:1 windows x86

    Password: mysubsarethebest



  • out.upx
    .exe windows:1 windows x86



  • exe/upx.exe
    .exe windows:4 windows x86



  • reg.bat
    .bat .vbs