General

Target: TeraBox_1.13.1.5 (1).exe
Size: 80.8MB
Sample: 230116-rdrr6scc2y
MD5: 403f3b034f8d216534f955688f468fab
SHA1: f41b643a2744a933fb18130fb3dd3d2b0051518b
SHA256: ded767690577af7c9513b14b6271c4d0f0309789b6dd2bcb2e47cb5aa017af53
SHA512: 7e30de1033f105905d30b36468d06ec38761620c63695e5aeb58d3763b6c613229913258c10a708604cfd502d362d14d8e16c76ce29c6a4124ec7b426860b780
SSDEEP: 1572864:WqUkKn6NpChkPSXgpUhBWXQi7/08StgJtctsuVSscPCrxn:hdFNAXXgqUF7jtXqv9F

Static task: static1

Behavioral task: behavioral1
Sample: TeraBox_1.13.1.5 (1).exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: TeraBox_1.13.1.5 (1).exe
Resource: win10v2004-20221111-en

Malware Config
Targets

Target: TeraBox_1.13.1.5 (1).exe
Score: 10/10

Modifies system executable filetype association

Executes dropped EXE

Registers COM server for autorun

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.