Overview

overview

10

Static

static

1

TeraBox_sl....9.exe

windows7-x64

10

TeraBox_sl....9.exe

windows10-2004-x64

10

Resubmissions

20-09-2023 14:11

230920-rhnajsgf9z 6

16-09-2023 04:09

230916-eqv9xagg7v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TeraBox_sl_b_1.23.0.9.exe

  • Size

    84.5MB

  • Sample

    230916-eqv9xagg7v

  • MD5

    7dcba44868b48ecdba2f73d433f169f7

  • SHA1

    932c96465b4a459477515e40dcb2f123e90b72dd

  • SHA256

    d7e7b2d54cb4cfa0796049e866e9a3a4ccf400c8492876c3085b8eb45c7d754f

  • SHA512

    1733612a6d8ebb85b8e6577ed8e4eeff7f512860ab42db886b46e3301bd7c29476c3433c8c831f63a095c894355a5722dca19f62ffcd84b46982c7fd845a2e7c

  • SSDEEP

    1572864:kTqOX2HZv0OLfmYwgDFNF69OfX5m1yysYnkLeInfMez:k258OLuYZDFv7f5NcgeEkez

Score
10/10
lummazloaderbotnetdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      TeraBox_sl_b_1.23.0.9.exe

    • Size

      84.5MB

    • MD5

      7dcba44868b48ecdba2f73d433f169f7

    • SHA1

      932c96465b4a459477515e40dcb2f123e90b72dd

    • SHA256

      d7e7b2d54cb4cfa0796049e866e9a3a4ccf400c8492876c3085b8eb45c7d754f

    • SHA512

      1733612a6d8ebb85b8e6577ed8e4eeff7f512860ab42db886b46e3301bd7c29476c3433c8c831f63a095c894355a5722dca19f62ffcd84b46982c7fd845a2e7c

    • SSDEEP

      1572864:kTqOX2HZv0OLfmYwgDFNF69OfX5m1yysYnkLeInfMez:k258OLuYZDFv7f5NcgeEkez

    Score
    10/10
    zloaderbotnetdiscoverypersistencetrojanlummastealer

    • Detect Lumma Stealer payload V2

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks