Resubmissions

29-02-2024 21:17

240229-z5c24acg6v  Score 10/10

General

  • Target

    TeraBox_sl_b_1.28.0.3.exe

  • Size

    85.5MB

  • Sample

    240229-z5c24acg6v

  • MD5

    e1aad2c0bfbccec454765e8a030c8856

  • SHA1

    95dd1d5a2a597f27321868d398a9701bcf0b49dc

  • SHA256

    271de5aed87a398dedf889c16d7927e90f07facb4774a073cd4f365073fe51f8

  • SHA512

    6167a3f6f3e405832292491e466b18dc3fded745f4f0bb5d7cb86e00a6bdcd510aa146558ed22a6a00d60ae25befa5ec123d55d65b2a2a2e6ab2d9b2c78d4530

  • SSDEEP

    1572864:HSgue/UMXkXd9CUAMIaulHaT3hxHbpuH1yv7EjDe40REbstaa0ONE71pO2EY8fvp:ygue/Ui+d9tAYulHaT3hxpv70Doubsa

Malware Config

Targets

    • Target

      TeraBox_sl_b_1.28.0.3.exe

    • Size

      85.5MB

    • MD5

      e1aad2c0bfbccec454765e8a030c8856

    • SHA1

      95dd1d5a2a597f27321868d398a9701bcf0b49dc

    • SHA256

      271de5aed87a398dedf889c16d7927e90f07facb4774a073cd4f365073fe51f8

    • SHA512

      6167a3f6f3e405832292491e466b18dc3fded745f4f0bb5d7cb86e00a6bdcd510aa146558ed22a6a00d60ae25befa5ec123d55d65b2a2a2e6ab2d9b2c78d4530

    • SSDEEP

      1572864:HSgue/UMXkXd9CUAMIaulHaT3hxHbpuH1yv7EjDe40REbstaa0ONE71pO2EY8fvp:ygue/Ui+d9tAYulHaT3hxpv70Doubsa

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a Zeus-derived banking trojan first observed in August 2015. On this page the family signature fires only in task behavioral1 (scored 10/10); every other task scores 5/10 or lower, so the Zloader verdict rests on a single run and not on the installer's extracted components.

    • Adds Run key to start application

      Writes a Run key so the application starts at logon (persistence, T1547.001 in the matrix below).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check. The same signature also fires on the extracted BugReport.exe and TeraBox.exe (5/10 each), so by itself it does not separate ordinary localisation from geofencing.

    • Target

      $PLUGINSDIR/NsisInstallUI.dll

    • Size

      2.1MB

    • MD5

      7aad5c0c2a4a8e2d4f6c463b63dc0609

    • SHA1

      f257472d5a8e441c9300a9e4dd63f6b559a98bd0

    • SHA256

      03e2ac88d13ab95dbe53b037c458cc57e3ada6153022d9d2a4097aea938f89b6

    • SHA512

      418498124c939a44fb1bf3ce9113bed5cf419475c430e566e93a7c493037f788d82edb4318a4f9f833e1ffb6f3dbeb145ad3ccb82517ecf4cb82bac64dd42ccf

    • SSDEEP

      12288:ejH0Y1jL7JZ8RJK6Kml2wt0G9/V430NrHbukH2Dh5ccEudZrRkycQq7j2EqcPmqd:e70WppHmPh7R7JBBFmqQVLwS9/eTFsOf

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcessW.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $TEMP/kernel.dll

    • Size

      7.5MB

    • MD5

      3addcb27ffbfeecf0cf1f4980e0b0baf

    • SHA1

      dde794a1bb1fba39d30334b0abce6010092c5d27

    • SHA256

      15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a

    • SHA512

      3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b

    • SSDEEP

      196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr

    Score
    1/10
    • Target

      AppUtil.dll

    • Size

      1.5MB

    • MD5

      ea966aaea4634e68ddf601507bdbfbd8

    • SHA1

      df2492ee0704ff4a49d1957bd9321c9e24b5b3e7

    • SHA256

      2156f931969b571a01f067a61a902655af7eb0280f5476896b42a6f864ac9a07

    • SHA512

      55c9c80b705a0621d2e7f4ca6e556581a542f69f9cb4fb6ae2997cb96b02ebc8b111a4030a967738682b46fb672adaeff2a3aa0f270a41e58c159fb49dd0f661

    • SSDEEP

      24576:f8VkPNZLUJzoKeECO/He8wekOHklDRLulTScsVPvL2MK4SVtIH+1v9uJDL:fPUJqSUulTtsVPvaM9SVtIH+1v9uh

    Score
    1/10
    • Target

      AutoUpdate/AutoUpdateUtil.dll

    • Size

      198KB

    • MD5

      d585f6453c8f564da8db0573ee311e0e

    • SHA1

      81df64177e63f98ceb9f6a4e0f002493abfc1e57

    • SHA256

      ef09b83ce0becbae769a323037e8cd9922a1f57f3fe0fd1f92957cea232f4913

    • SHA512

      a5973907c6ab1fa956a76a107957d59952a49b190c1e4dd82b7c49796516b896d59e256dd94ca0bf56d088dabe53d1681ebfeda3405dc47646c1c33d461dd153

    • SSDEEP

      3072:dOq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdzeVj+3O1fnMw:Qq3BJ4vCCa9Vgxl+GvM

    Score
    3/10
    • Target

      AutoUpdate/Autoupdate.exe

    • Size

      2.8MB

    • MD5

      bfd3f90367cb5f536047cfaee9567e79

    • SHA1

      86f1868b487d73dce0745f8b49edd23b014f88bc

    • SHA256

      ecac497288f8e37a5ed5dab2369c11c6945aae4fbf397963d112e4b7f6d8755b

    • SHA512

      010b8da2ed872d52c80c10a796c1cf9108a687b4626a7d69db6e39ca969935a162f9772de7647d88a9259c3249015a5b4d3fd986b13092fb7854161feede0186

    • SSDEEP

      49152:47L6oPOReVwkTVcXj/SZTLvIkP4qghxZ3fw58hG7UBu:47NQeZVcX7aIFqgnZvSZ

    Score
    1/10
    • Target

      BugReport.exe

    • Size

      1.4MB

    • MD5

      b9870127098967681d6ee92772c83220

    • SHA1

      9f6b50f22766647f43311bd47e0dca3bbea97489

    • SHA256

      2decd5a4d8740eef856fca7bf5f9241aa87339006bf3d675979685d3967c8a3d

    • SHA512

      74a1cf0adb6df19d12ca7e0a5412f9eacb343ed48fbe8e9bdd00e37ca72d05ebd142b4dc98dd97286c1c631d99af32d2eef18c01e605bcb8f8c77676534d9496

    • SSDEEP

      24576:wvlG+2O6nLOdc1G0BNmo5Suno0i1eBU2Jqh5Xok4NJFXu5rAHPr8qFTthUx5Apvc:wvlzEy0BNmoYuLqHMu5sHPr8qFToMpvc

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      Bull140U.dll

    • Size

      3.2MB

    • MD5

      b313af0c43927a6b145ad5fa4045f5d4

    • SHA1

      6ad88405ff040bcb7950cdf5ecb6edb24cec78ac

    • SHA256

      0dc503f6e66b641e6c83385c63e95a62b05154d209da39f9b66ed77f224626eb

    • SHA512

      7ff74516b7268d16accada1135b4d29bec8373701851379522637becfc9a0350ec3110fc957f3f3631ef5a2779e26ff9277416dfcecacd2f40ca4f9b4cb4cba6

    • SSDEEP

      49152:aucCrMncHiNTP0aVY+cTiPA+uo8TWvcAuWsKnORMoZwnlmd:tbCtVYfbno7HsKnO

    Score
    1/10
    • Target

      ChromeNativeMessagingHost.exe

    • Size

      126KB

    • MD5

      422d417ddf620a4e380fa5b74c4a5697

    • SHA1

      ed9e5d043d4ec523f712cc1806ce75595251680d

    • SHA256

      886e96f8782593577fbf81c345148c2d4afc4ceffb0c041f67919a1c769db349

    • SHA512

      e8380c4e88b2c41c3c624217a0f001fe3c5a2a0821af2288387efbf14abb32834bcfa3618f533f967a7c0e5059c1608b57fc1d264536153ec1c5ed6f2e7bfaab

    • SSDEEP

      1536:p3g0SyOZkuKe2nzGik0QkDYhH5RKA2CEilXR4LVO1L7nnHtnyBeiP:p3g0SywqqhH5RKA241R4pO1fnHtr+

    Score
    1/10
    • Target

      HelpUtility.exe

    • Size

      148KB

    • MD5

      1ea666d8c7f5a3e0ea6d3563f75d4b93

    • SHA1

      6c3ae48a450f11c20e0941a208137ca29fc4f17d

    • SHA256

      7da43055ca1913ffe1d89461308e4e0842a37832cde0962ee9149a59c5bee39a

    • SHA512

      494ea662348f1c9b282b1f016ebbaf0a0dfce66d90e5f345dd18b06601e7b78acf11dec623c18412c33a80a7bc08b25b3b91eadc0d365c2fa77d5ae587bb638c

    • SSDEEP

      3072:dSiN9E5e6zYYtEuk8Uu93C7aWoHWoFf53JB0bYveO1fnfqQi:dSiGzV5LhqbivSQ

    Score
    1/10
    • Target

      TeraBox.exe

    • Size

      6.8MB

    • MD5

      bce254dbffa461fd2257839b34b81b15

    • SHA1

      e554d9d8d4775d5b5eb8bb1a2cf1cbedd53b38dc

    • SHA256

      15a8c8ad6f8b99f758b82843d92a110616df6dd71a4c20873817db69e9b5008a

    • SHA512

      3376c40fa1115cffe8da2b7ff2d5b3242d00b6353f0268b3e39abcc72742691e9be2392b0760b74e8a4c722c25e10f816f651082dfefe915a1c7ee2cc1398fcb

    • SSDEEP

      98304:0VvTm0B0w8uOMSdQUpB5hHZVTbJGpkVShIsIM8iKqUU8CJ:gvTm64JMIp5T0kVSXIM8iKbCJ

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      TeraBoxHost.exe

    • Size

      643KB

    • MD5

      ee7a3a45045e2ad6ece8552d7f71299a

    • SHA1

      0a226197209387e18ce8dfec4568fe31f563ea0c

    • SHA256

      aa06b4a2f9f6ed23d2fe54c6f5797f22923dc9d7133eea6e2c468652c603c391

    • SHA512

      2d79b9c5d0782f9a85537d7713ace5181b9d0588e77bb5cf331d810ff616f5ea417a0f26b3a17f2f9ad4e9310530d6efe859735c45e965d5ce11b22dd54aab2f

    • SSDEEP

      6144:g+nj7IXYnzhmoX5Rz0jdWNuyxmnbjxzTHRz3sknQvhT:ILoX4XNln6

    Score
    1/10
    • Target

      TeraBoxRender.exe

    • Size

      737KB

    • MD5

      dbe0cc167be4160990a526aac95da5ce

    • SHA1

      84401fa524e8fd0a5bbeeeb990bf2ab06d51294e

    • SHA256

      13326e658682824817f1cd6ee18c4dc3f1144c28d195fd2b669a143c8bfaaad8

    • SHA512

      eceb696b3a7c162a30a57412f3c6a366609dd37c64d1c8f378b43e8f5810b01ae8e269c455bc46ffbed528100195c9ff8ca0b7693911be03e7a0f70b1cadd3d4

    • SSDEEP

      6144:IWF5wFO09j7KPQ7QK50g0umuUHlb5xVtq+2zi0Vvd6:IBFLj7x8dg0iUHlb5xV12G0

    Score
    1/10
    • Target

      TeraBoxWebService.exe

    • Size

      1.1MB

    • MD5

      cf207fac306ba6ac97f64a7426af8e6d

    • SHA1

      82eebe1113259ee70b55d28203a64ce8ae42f37f

    • SHA256

      83eb7ba759266d38df6afa36b98f85a076c530f7d0d75729df29d6c5d8943182

    • SHA512

      75d9beb159185f3a7e549e4605a4090aedbcb87bc216028d440fad51b804308c47c4889d488ae52cb2694d2090126b056d22ecec06200eb28a1aff6ef1dc17d5

    • SSDEEP

      12288:vzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulzQxIH9cAPxTmtEaypx:vcNpMZx/SOeYD6KNF8UW3ul7HdPYMpx

    Score
    1/10
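The per-file listing above is raw sandbox output; to use it, an analyst turns it into an IOC set and checks files against it. The Python below is an added example, not the sandbox's or TeraBox's code: it parses the page's own "• Target / • MD5 / • SHA1 / • SHA256 / Score" layout (two entries copied from the page are embedded as REPORT, with the blank spacer lines dropped), rejects digests that are not well-formed hex of the right length, and scans a directory computing all four digests in one pass. The scanned files are constructed at run time, and the stand-in file's SHA256 is added to the index because the real sample bytes are not available here.

```python
"""Parse the flattened 'Target / MD5 / SHA1 ...' blocks of a sandbox report
into IOC records and scan a directory for files whose digests match.

Added example; not the sandbox's or TeraBox's code. REPORT is two entries
copied from the page above (blank spacer lines dropped); the scanned files
are constructed at run time because the real sample bytes are not available.
"""
import hashlib
import os
import re
import tempfile

REPORT = """
    • Target
      AutoUpdate/Autoupdate.exe
    • MD5
      bfd3f90367cb5f536047cfaee9567e79
    • SHA1
      86f1868b487d73dce0745f8b49edd23b014f88bc
    • SHA256
      ecac497288f8e37a5ed5dab2369c11c6945aae4fbf397963d112e4b7f6d8755b
    Score
    1/10
    • Target
      BugReport.exe
    • MD5
      b9870127098967681d6ee92772c83220
    • SHA256
      2decd5a4d8740eef856fca7bf5f9241aa87339006bf3d675979685d3967c8a3d
    Score
    5/10
"""

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_targets(text):
    """One dict per '• Target' block; a bullet with no value line is skipped."""
    records, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):
            key = line[1:].strip()
            if key == "Target":
                records.append({})
            continue
        if line == "Score":
            key = "Score"
            continue
        if records and key:
            if key in HASH_FIELDS:
                # A truncated or mangled digest must fail loudly rather than
                # become a silent IOC that never matches anything.
                if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[key], line.lower()):
                    raise ValueError(f"bad {key} for {records[-1].get('Target')}: {line}")
                line = line.lower()
            records[-1][key] = line
        key = None
    return records


def build_index(records):
    """Map every digest in the report to its record."""
    return {rec[f]: rec for rec in records for f in HASH_FIELDS if f in rec}


def digest_file(path, chunk=1 << 20):
    """All four digests in a single pass; the installer on this page is 85.5 MB."""
    hashers = {f: hashlib.new(f.lower()) for f in HASH_FIELDS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {f: h.hexdigest() for f, h in hashers.items()}


def scan_directory(root, index):
    """Return [(path, field, record)] for each file whose digest is indexed."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digests = digest_file(path)
            for field in HASH_FIELDS:
                if digests[field] in index:
                    hits.append((path, field, index[digests[field]]))
                    break
    return hits


def demo():
    """Scan a temp dir holding a benign file and a constructed stand-in whose
    SHA256 is added to the index (we do not have the real BugReport.exe)."""
    records = parse_targets(REPORT)
    index = build_index(records)
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "readme.txt"), "wb") as fh:
            fh.write(b"nothing to see here\n")
        stand_in = os.path.join(tmp, "BugReport.exe")
        with open(stand_in, "wb") as fh:
            fh.write(b"MZ constructed stand-in, not the real binary\n")
        index[digest_file(stand_in)["SHA256"]] = {"Target": "BugReport.exe (stand-in)"}
        hits = scan_directory(tmp, index)
    return records, [(os.path.basename(p), f, rec["Target"]) for p, f, rec in hits]
```

Feeding the full Targets section of this page into parse_targets yields one record per extracted component; the SSDEEP lines are kept as plain strings and would need the ssdeep library for fuzzy comparison, which this example does not attempt.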

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                               ID         Count
    Persistence           Boot or Logon Autostart Execution       T1547      2
                            Registry Run Keys / Startup Folder    T1547.001  2
                          Event Triggered Execution               T1546      1
                            Change Default File Association       T1546.001  1
    Privilege Escalation  Boot or Logon Autostart Execution       T1547      2
                            Registry Run Keys / Startup Folder    T1547.001  2
                          Event Triggered Execution               T1546      1
                            Change Default File Association       T1546.001  1
    Defense Evasion       Modify Registry                         T1112      5
                          Subvert Trust Controls                  T1553      3
                            Install Root Certificate              T1553.004  3
    Discovery             Query Registry                          T1012      4
                          System Information Discovery            T1082      6

Persistence and Privilege Escalation list the same rows because T1547 and T1546 belong to both tactics in ATT&CK.

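The matrix gives technique IDs without showing what registry activity produces them. The script below is an added example of how such a mapping can be implemented; it is not the sandbox's detection logic. Both the trace lines in EVENTS (constructed to resemble a registry monitor's output, with generic "sample.exe" paths that are not from this report) and the key-path patterns in RULES are my own reading of the technique IDs on the page. It maps RegSetValue/RegQueryValue events to T1547.001, T1546.001, T1553.004, T1112, T1012 and T1082 and pulls out the command stored behind any Run key, which is the value an analyst wants when a report says "Adds Run key to start application".

```python
"""Map registry-monitor events to the ATT&CK technique IDs in the matrix above.

Added example; not the sandbox's own rules. EVENTS is a constructed trace with
generic paths, and RULES is my reading of the listed technique IDs.
"""
import re

# Constructed trace: "<op> <path>" or "<op> <path> = <value>", one event per line.
EVENTS = r"""
RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Sample = "C:\Users\user\AppData\Roaming\Sample\sample.exe" /autorun
RegSetValue HKCU\Software\Classes\.smp\shell\open\command\(Default) = "C:\Users\user\AppData\Roaming\Sample\sample.exe" "%1"
RegSetValue HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\THUMBPRINT\Blob = <binary>
RegQueryValue HKCU\Control Panel\International\Geo\Nation
RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
RegQueryValue HKCU\Software\Sample\InstallDir
RegSetValue HKCU\Software\Sample\LastRun = 20240229
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

# (technique id, name, operation it applies to, key-path pattern)
RULES = [
    ("T1547.001", "Registry Run Keys / Startup Folder", "RegSetValue", RUN_KEY),
    ("T1546.001", "Change Default File Association", "RegSetValue",
     re.compile(r"(HKCR|\\Classes)\\[^\\]+\\shell\\open\\command", re.I)),
    ("T1553.004", "Install Root Certificate", "RegSetValue",
     re.compile(r"\\SystemCertificates\\(ROOT|AuthRoot)\\Certificates\\", re.I)),
    # Every write is a registry modification and every read a registry query;
    # the more specific rules above and below fire in addition, not instead.
    ("T1112", "Modify Registry", "RegSetValue", re.compile(r".")),
    ("T1012", "Query Registry", "RegQueryValue", re.compile(r".")),
    ("T1082", "System Information Discovery", "RegQueryValue",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\|\\Control Panel\\International\\Geo\\", re.I)),
]

LINE = re.compile(r"^(?P<op>\w+)\s+(?P<path>[^=]+?)(?:\s*=\s*(?P<value>.*))?$")


def parse_events(text):
    """Return (op, path, value-or-None) tuples; malformed lines are dropped."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append((m["op"], m["path"].strip(), m["value"]))
    return events


def map_events(events):
    """{technique id: [key paths that triggered it]}; one event may hit several."""
    hits = {}
    for op, path, _ in events:
        for tid, _, want_op, pattern in RULES:
            if op == want_op and pattern.search(path):
                hits.setdefault(tid, []).append(path)
    return hits


def summarize(hits):
    """Same shape as the matrix on the page: id -> (technique name, count)."""
    names = {tid: name for tid, name, _, _ in RULES}
    return {tid: (names[tid], len(paths)) for tid, paths in hits.items()}


def run_key_commands(events):
    """What actually starts at logon: the values written under Run/RunOnce."""
    return [value for op, path, value in events
            if op == "RegSetValue" and RUN_KEY.search(path) and value]


if __name__ == "__main__":
    ev = parse_events(EVENTS)
    for tid, (name, count) in sorted(summarize(map_events(ev)).items()):
        print(f"{tid:<10} {name:<40} {count}")
    print("autostart:", run_key_commands(ev))
```

Because the catch-all T1112 and T1012 rules fire on every write and read, their counts are always at least as large as the specific techniques beneath them, which is the same relationship the page's matrix shows (T1112: 5, T1553.004: 3; T1012: 4 alongside T1082: 6 from other sources).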
Tasks

    Task          Tags                                             Score
    static1       qrlinkpdf                                        4/10
    behavioral1   zloader, botnet, discovery, persistence, trojan  10/10
    behavioral2                                                    4/10
    behavioral3                                                    3/10
    behavioral4                                                    3/10
    behavioral5                                                    3/10
    behavioral6                                                    3/10
    behavioral7                                                    3/10
    behavioral8                                                    3/10
    behavioral9                                                    1/10
    behavioral10                                                   1/10
    behavioral11                                                   1/10
    behavioral12                                                   1/10
    behavioral13                                                   1/10
    behavioral14                                                   3/10
    behavioral15                                                   1/10
    behavioral16                                                   1/10
    behavioral17                                                   3/10
    behavioral18                                                   5/10
    behavioral19                                                   1/10
    behavioral20                                                   1/10
    behavioral21                                                   1/10
    behavioral22                                                   1/10
    behavioral23                                                   1/10
    behavioral24                                                   1/10
    behavioral25                                                   5/10
    behavioral26                                                   5/10
    behavioral27                                                   1/10
    behavioral28                                                   1/10
    behavioral29                                                   1/10
    behavioral30                                                   1/10
    behavioral31                                                   1/10
    behavioral32                                                   1/10