Overview
overview: 10
Static
static: 4
TeraBox_sl....3.exe (windows7-x64): 10
TeraBox_sl....3.exe (windows10-2004-x64): 4
$PLUGINSDI...UI.dll (windows7-x64): 3
$PLUGINSDI...UI.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...sW.dll (windows7-x64): 3
$PLUGINSDI...sW.dll (windows10-2004-x64): 3
$TEMP/kernel.dll (windows7-x64): 1
$TEMP/kernel.dll (windows10-2004-x64): 1
AppUtil.dll (windows7-x64): 1
AppUtil.dll (windows10-2004-x64): 1
AutoUpdate...il.dll (windows7-x64): 1
AutoUpdate...il.dll (windows10-2004-x64): 3
AutoUpdate...te.exe (windows7-x64): 1
AutoUpdate...te.exe (windows10-2004-x64): 1
BugReport.exe (windows7-x64): 3
BugReport.exe (windows10-2004-x64): 5
Bull140U.dll (windows7-x64): 1
Bull140U.dll (windows10-2004-x64): 1
ChromeNati...st.exe (windows7-x64): 1
ChromeNati...st.exe (windows10-2004-x64): 1
HelpUtility.exe (windows7-x64): 1
HelpUtility.exe (windows10-2004-x64): 1
TeraBox.exe (windows7-x64): 5
TeraBox.exe (windows10-2004-x64): 5
TeraBoxHost.exe (windows7-x64): 1
TeraBoxHost.exe (windows10-2004-x64): 1
TeraBoxRender.exe (windows7-x64): 1
TeraBoxRender.exe (windows10-2004-x64): 1
TeraBoxWebService.exe (windows7-x64): 1
TeraBoxWebService.exe (windows10-2004-x64): 1
Resubmissions
29-02-2024 21:17, 240229-z5c24acg6v: 10
General
-
Target
TeraBox_sl_b_1.28.0.3.exe
-
Size
85.5MB
-
Sample
240229-z5c24acg6v
-
MD5
e1aad2c0bfbccec454765e8a030c8856
-
SHA1
95dd1d5a2a597f27321868d398a9701bcf0b49dc
-
SHA256
271de5aed87a398dedf889c16d7927e90f07facb4774a073cd4f365073fe51f8
-
SHA512
6167a3f6f3e405832292491e466b18dc3fded745f4f0bb5d7cb86e00a6bdcd510aa146558ed22a6a00d60ae25befa5ec123d55d65b2a2a2e6ab2d9b2c78d4530
-
SSDEEP
1572864:HSgue/UMXkXd9CUAMIaulHaT3hxHbpuH1yv7EjDe40REbstaa0ONE71pO2EY8fvp:ygue/Ui+d9tAYulHaT3hxpv70Doubsa
Behavioral task
behavioral1
Sample
TeraBox_sl_b_1.28.0.3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TeraBox_sl_b_1.28.0.3.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$TEMP/kernel.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$TEMP/kernel.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
AppUtil.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AppUtil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
AutoUpdate/Autoupdate.exe
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
AutoUpdate/Autoupdate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
BugReport.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
BugReport.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Bull140U.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Bull140U.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
ChromeNativeMessagingHost.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
ChromeNativeMessagingHost.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
HelpUtility.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
HelpUtility.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
TeraBox.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
TeraBox.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
TeraBoxHost.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
TeraBoxHost.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
TeraBoxRender.exe
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
TeraBoxRender.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
TeraBoxWebService.exe
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
TeraBoxWebService.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
TeraBox_sl_b_1.28.0.3.exe
-
Size
85.5MB
Score 10/10
- Adds Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target
$PLUGINSDIR/NsisInstallUI.dll
-
Size
2.1MB
-
MD5
7aad5c0c2a4a8e2d4f6c463b63dc0609
-
SHA1
f257472d5a8e441c9300a9e4dd63f6b559a98bd0
-
SHA256
03e2ac88d13ab95dbe53b037c458cc57e3ada6153022d9d2a4097aea938f89b6
-
SHA512
418498124c939a44fb1bf3ce9113bed5cf419475c430e566e93a7c493037f788d82edb4318a4f9f833e1ffb6f3dbeb145ad3ccb82517ecf4cb82bac64dd42ccf
-
SSDEEP
12288:ejH0Y1jL7JZ8RJK6Kml2wt0G9/V430NrHbukH2Dh5ccEudZrRkycQq7j2EqcPmqd:e70WppHmPh7R7JBBFmqQVLwS9/eTFsOf
Score 3/10

Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
8cf2ac271d7679b1d68eefc1ae0c5618
-
SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8
-
SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
-
SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
-
SSDEEP
192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score 3/10

Target
$PLUGINSDIR/nsProcessW.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score 3/10

Target
$TEMP/kernel.dll
-
Size
7.5MB
-
MD5
3addcb27ffbfeecf0cf1f4980e0b0baf
-
SHA1
dde794a1bb1fba39d30334b0abce6010092c5d27
-
SHA256
15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a
-
SHA512
3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b
-
SSDEEP
196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr
Score 1/10

Target
AppUtil.dll
-
Size
1.5MB
-
MD5
ea966aaea4634e68ddf601507bdbfbd8
-
SHA1
df2492ee0704ff4a49d1957bd9321c9e24b5b3e7
-
SHA256
2156f931969b571a01f067a61a902655af7eb0280f5476896b42a6f864ac9a07
-
SHA512
55c9c80b705a0621d2e7f4ca6e556581a542f69f9cb4fb6ae2997cb96b02ebc8b111a4030a967738682b46fb672adaeff2a3aa0f270a41e58c159fb49dd0f661
-
SSDEEP
24576:f8VkPNZLUJzoKeECO/He8wekOHklDRLulTScsVPvL2MK4SVtIH+1v9uJDL:fPUJqSUulTtsVPvaM9SVtIH+1v9uh
Score 1/10

Target
AutoUpdate/AutoUpdateUtil.dll
-
Size
198KB
-
MD5
d585f6453c8f564da8db0573ee311e0e
-
SHA1
81df64177e63f98ceb9f6a4e0f002493abfc1e57
-
SHA256
ef09b83ce0becbae769a323037e8cd9922a1f57f3fe0fd1f92957cea232f4913
-
SHA512
a5973907c6ab1fa956a76a107957d59952a49b190c1e4dd82b7c49796516b896d59e256dd94ca0bf56d088dabe53d1681ebfeda3405dc47646c1c33d461dd153
-
SSDEEP
3072:dOq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdzeVj+3O1fnMw:Qq3BJ4vCCa9Vgxl+GvM
Score 3/10

Target
AutoUpdate/Autoupdate.exe
-
Size
2.8MB
-
MD5
bfd3f90367cb5f536047cfaee9567e79
-
SHA1
86f1868b487d73dce0745f8b49edd23b014f88bc
-
SHA256
ecac497288f8e37a5ed5dab2369c11c6945aae4fbf397963d112e4b7f6d8755b
-
SHA512
010b8da2ed872d52c80c10a796c1cf9108a687b4626a7d69db6e39ca969935a162f9772de7647d88a9259c3249015a5b4d3fd986b13092fb7854161feede0186
-
SSDEEP
49152:47L6oPOReVwkTVcXj/SZTLvIkP4qghxZ3fw58hG7UBu:47NQeZVcX7aIFqgnZvSZ
Score 1/10

Target
BugReport.exe
-
Size
1.4MB
-
MD5
b9870127098967681d6ee92772c83220
-
SHA1
9f6b50f22766647f43311bd47e0dca3bbea97489
-
SHA256
2decd5a4d8740eef856fca7bf5f9241aa87339006bf3d675979685d3967c8a3d
-
SHA512
74a1cf0adb6df19d12ca7e0a5412f9eacb343ed48fbe8e9bdd00e37ca72d05ebd142b4dc98dd97286c1c631d99af32d2eef18c01e605bcb8f8c77676534d9496
-
SSDEEP
24576:wvlG+2O6nLOdc1G0BNmo5Suno0i1eBU2Jqh5Xok4NJFXu5rAHPr8qFTthUx5Apvc:wvlzEy0BNmoYuLqHMu5sHPr8qFToMpvc
Score 5/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target
Bull140U.dll
-
Size
3.2MB
-
MD5
b313af0c43927a6b145ad5fa4045f5d4
-
SHA1
6ad88405ff040bcb7950cdf5ecb6edb24cec78ac
-
SHA256
0dc503f6e66b641e6c83385c63e95a62b05154d209da39f9b66ed77f224626eb
-
SHA512
7ff74516b7268d16accada1135b4d29bec8373701851379522637becfc9a0350ec3110fc957f3f3631ef5a2779e26ff9277416dfcecacd2f40ca4f9b4cb4cba6
-
SSDEEP
49152:aucCrMncHiNTP0aVY+cTiPA+uo8TWvcAuWsKnORMoZwnlmd:tbCtVYfbno7HsKnO
Score 1/10

Target
ChromeNativeMessagingHost.exe
-
Size
126KB
-
MD5
422d417ddf620a4e380fa5b74c4a5697
-
SHA1
ed9e5d043d4ec523f712cc1806ce75595251680d
-
SHA256
886e96f8782593577fbf81c345148c2d4afc4ceffb0c041f67919a1c769db349
-
SHA512
e8380c4e88b2c41c3c624217a0f001fe3c5a2a0821af2288387efbf14abb32834bcfa3618f533f967a7c0e5059c1608b57fc1d264536153ec1c5ed6f2e7bfaab
-
SSDEEP
1536:p3g0SyOZkuKe2nzGik0QkDYhH5RKA2CEilXR4LVO1L7nnHtnyBeiP:p3g0SywqqhH5RKA241R4pO1fnHtr+
Score 1/10

Target
HelpUtility.exe
-
Size
148KB
-
MD5
1ea666d8c7f5a3e0ea6d3563f75d4b93
-
SHA1
6c3ae48a450f11c20e0941a208137ca29fc4f17d
-
SHA256
7da43055ca1913ffe1d89461308e4e0842a37832cde0962ee9149a59c5bee39a
-
SHA512
494ea662348f1c9b282b1f016ebbaf0a0dfce66d90e5f345dd18b06601e7b78acf11dec623c18412c33a80a7bc08b25b3b91eadc0d365c2fa77d5ae587bb638c
-
SSDEEP
3072:dSiN9E5e6zYYtEuk8Uu93C7aWoHWoFf53JB0bYveO1fnfqQi:dSiGzV5LhqbivSQ
Score 1/10

Target
TeraBox.exe
-
Size
6.8MB
-
MD5
bce254dbffa461fd2257839b34b81b15
-
SHA1
e554d9d8d4775d5b5eb8bb1a2cf1cbedd53b38dc
-
SHA256
15a8c8ad6f8b99f758b82843d92a110616df6dd71a4c20873817db69e9b5008a
-
SHA512
3376c40fa1115cffe8da2b7ff2d5b3242d00b6353f0268b3e39abcc72742691e9be2392b0760b74e8a4c722c25e10f816f651082dfefe915a1c7ee2cc1398fcb
-
SSDEEP
98304:0VvTm0B0w8uOMSdQUpB5hHZVTbJGpkVShIsIM8iKqUU8CJ:gvTm64JMIp5T0kVSXIM8iKbCJ
Score 5/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target
TeraBoxHost.exe
-
Size
643KB
-
MD5
ee7a3a45045e2ad6ece8552d7f71299a
-
SHA1
0a226197209387e18ce8dfec4568fe31f563ea0c
-
SHA256
aa06b4a2f9f6ed23d2fe54c6f5797f22923dc9d7133eea6e2c468652c603c391
-
SHA512
2d79b9c5d0782f9a85537d7713ace5181b9d0588e77bb5cf331d810ff616f5ea417a0f26b3a17f2f9ad4e9310530d6efe859735c45e965d5ce11b22dd54aab2f
-
SSDEEP
6144:g+nj7IXYnzhmoX5Rz0jdWNuyxmnbjxzTHRz3sknQvhT:ILoX4XNln6
Score 1/10

Target
TeraBoxRender.exe
-
Size
737KB
-
MD5
dbe0cc167be4160990a526aac95da5ce
-
SHA1
84401fa524e8fd0a5bbeeeb990bf2ab06d51294e
-
SHA256
13326e658682824817f1cd6ee18c4dc3f1144c28d195fd2b669a143c8bfaaad8
-
SHA512
eceb696b3a7c162a30a57412f3c6a366609dd37c64d1c8f378b43e8f5810b01ae8e269c455bc46ffbed528100195c9ff8ca0b7693911be03e7a0f70b1cadd3d4
-
SSDEEP
6144:IWF5wFO09j7KPQ7QK50g0umuUHlb5xVtq+2zi0Vvd6:IBFLj7x8dg0iUHlb5xV12G0
Score 1/10

Target
TeraBoxWebService.exe
-
Size
1.1MB
-
MD5
cf207fac306ba6ac97f64a7426af8e6d
-
SHA1
82eebe1113259ee70b55d28203a64ce8ae42f37f
-
SHA256
83eb7ba759266d38df6afa36b98f85a076c530f7d0d75729df29d6c5d8943182
-
SHA512
75d9beb159185f3a7e549e4605a4090aedbcb87bc216028d440fad51b804308c47c4889d488ae52cb2694d2090126b056d22ecec06200eb28a1aff6ef1dc17d5
-
SSDEEP
12288:vzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulzQxIH9cAPxTmtEaypx:vcNpMZx/SOeYD6KNF8UW3ul7HdPYMpx
Score 1/10

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 2
- Event Triggered Execution: 1
  - Change Default File Association: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 2
- Event Triggered Execution: 1
  - Change Default File Association: 1