Resubmissions

  • 28-03-2024 13:35: 240328-qvvdysfd4s (score 4/10)

  • 21-03-2024 15:21: 240321-srcqvaed68 (score 10/10)

General

  • Target

    TeraBox_sl_b_1.30.0.2.exe

  • Size

    85.5MB

  • Sample

    240321-srcqvaed68

  • MD5

    bf389a8ab715cd3e1240ea6f6872023b

  • SHA1

    ea216a5b29480223a96c609585bc37d1a2a8b658

  • SHA256

    cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973

  • SHA512

    f17b9411f9b2803cf4dc2d98ba529bd55eca953be340abd1da0f9fa042e61fcc181e74b0bfa7fb4e9bb1ce3d97f14ce80b2865d20f59741a594f39f7332a3505

  • SSDEEP

    1572864:9m0dHtOx0eSgs6bZQ+/bKMN4+j6Hv5fhEk6MjHOi8IIXBBLyREG:c0jOyera+/bKMFj+x6wO0IXHyRB

Malware Config

Targets

    • Target

      TeraBox_sl_b_1.30.0.2.exe

    • Size

      85.5MB

    • MD5

      bf389a8ab715cd3e1240ea6f6872023b

    • SHA1

      ea216a5b29480223a96c609585bc37d1a2a8b658

    • SHA256

      cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973

    • SHA512

      f17b9411f9b2803cf4dc2d98ba529bd55eca953be340abd1da0f9fa042e61fcc181e74b0bfa7fb4e9bb1ce3d97f14ce80b2865d20f59741a594f39f7332a3505

    • SSDEEP

      1572864:9m0dHtOx0eSgs6bZQ+/bKMN4+j6Hv5fhEk6MjHOi8IIXBBLyREG:c0jOyera+/bKMFj+x6wO0IXHyRB

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/NsisInstallUI.dll

    • Size

      2.1MB

    • MD5

      93a820253b303c46ca5b6ba1e9ccec8d

    • SHA1

      e691405b2906037008aa9e21817f579bf6c122ed

    • SHA256

      6291ca8ac49760517bc06ed1f180d98ecd98b7993b32bcf6e350aa3993a42937

    • SHA512

      708bce83e878a2a7c3dbbd888db5916e553c641915aaa182629612e8981c77a6110390569755566490615aaf6f5b4a637f47c4e8a103a158f42284b8c3bf1c6a

    • SSDEEP

      12288:BjH0Y1jL7JZ8RJK6Kml2wt0G9/V430NrHbukH2Dh5ccEudZrRkycQq7j2EqcPmqm:B70WppHmPh7R7JBBFmqQVLwS9/5TFsOb

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsProcessW.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    • Score

      3/10

    • Target

      $TEMP/kernel.dll

    • Size

      7.5MB

    • MD5

      3addcb27ffbfeecf0cf1f4980e0b0baf

    • SHA1

      dde794a1bb1fba39d30334b0abce6010092c5d27

    • SHA256

      15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a

    • SHA512

      3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b

    • SSDEEP

      196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr

    • Score

      1/10

    • Target

      AppUtil.dll

    • Size

      1.5MB

    • MD5

      3f232fd34abbba86180fd6b5e02f99f0

    • SHA1

      65475e6d32bd40bc1347ed206f9d33442ba41c2b

    • SHA256

      552dd772b479d9f7f8f27712a0f2f8daf8cb501d90acc1468e0257bde2bffca8

    • SHA512

      0c4086dfe128dedfa7d34958e15f993108cf6b7b49ed82d3e4e889b1ade3d8c7ff0a167616a429c50dd69c9cb12ec81ac6e69c25c2f8907163be1039514b913c

    • SSDEEP

      24576:B8VkPNZLUJzoKeECO/He8wekOHklDRLulTScsVPvL2Mu4SVtIH+1v9:BPUJqSUulTtsVPvaMBSVtIH+1v9

    • Score

      1/10

    • Target

      AutoUpdate/AutoUpdateUtil.dll

    • Size

      198KB

    • MD5

      9f7d3fde1719047bbc7006698e61f895

    • SHA1

      10e7d44c125382c8736d693ca6610546581deae7

    • SHA256

      980bd27c47eaec7a3028dac12d09283bf5f8f764c7954d6afb49610707ad0088

    • SHA512

      ee814138bfd08118ca67555eeadf75d7df724190022644d34610cd98d1cd29239872dbae400d47f1963485c742f00be900036c88faf7b032d9419079d6e598fd

    • SSDEEP

      3072:EOq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdTmVj+KO1fnREb:Lq3BJ4vCCa9VgxZ+tvRq

    • Score

      3/10

    • Target

      AutoUpdate/Autoupdate.exe

    • Size

      2.8MB

    • MD5

      8ccf980ea54f3605d4360645416ad152

    • SHA1

      99231ce34e0ff68dd417c2246a5ca71d147f96fe

    • SHA256

      40a650cb5d37d6a5b3d8674f50ae3f6e243ac80f595f64d0b72f97854d5f20df

    • SHA512

      644c51032536934bf1ebce9c93e97d201f18fffd21d31fb083853c7084c8fc63a35c02907bf91be0301805103a892c3f03164f5543daa976b22788b364be1a21

    • SSDEEP

      49152:x7L6oPOReVwkTVcXj/SZTLvIkP4qghgZnfw58hG7UB:x7NQeZVcX7aIFqgiZfS

    • Score

      1/10

    • Target

      BugReport.exe

    • Size

      1.4MB

    • MD5

      8f652f739e7a588ccca067b79769e8eb

    • SHA1

      33e3ef85ae22b9e67fba89e7f275bbc1ab02c885

    • SHA256

      3f260b1eac4c6b2ca4e5e8da257954b240d878a22f92b7fb88cea5dd91f6f332

    • SHA512

      c6322ca2dde2488e5ee693d73107acebccf48a7a8d444cb0ba58fe44c2911a2ccd14c0098a2df1d4fc2844b1b0d331e5770eb1d716edbfc3b61f4f22e305a8eb

    • SSDEEP

      24576:vvlG+2O6nLOdc1G0BNmo5Suno0i1eBU2Jqh5Xok4NJFXunrAHPr8qFTtfkx5ApvF:vvlzEy0BNmoYuLqHMunsHPr8qFTKMpvF

    • Score

      5/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Bull140U.dll

    • Size

      3.2MB

    • MD5

      beeb151d977f3a5c505e6235fce14254

    • SHA1

      9547ccc48e35effef55891d9ac91aca118335cf0

    • SHA256

      ce673d3e52f338333790a0214a5032bc498af64a538158e7f4c540b40e0f6b04

    • SHA512

      1d12d39ff8d46021c8241a41ecc3875d8f017bb1d3b7abad8aa2c945b2b4c0472900ef5a7feabce657fb8a55f3586f9ad76d9e836c43cb3502b2bace32dbe985

    • SSDEEP

      49152:eucCrMzcHiNTP0aVY+cTiPA+uo8TWh6UU3JxpHIWkU1ZwnlmdE:ZPCtVYfbnoV6UCZHIxZ

    • Score

      1/10

    • Target

      ChromeNativeMessagingHost.exe

    • Size

      126KB

    • MD5

      4596e79362419c69eadb51f3ed3b57d3

    • SHA1

      0fce2689ea84e9595fced4219780443542b7ea44

    • SHA256

      a7f793c09ee93bc0bb8f1ed7b6ee67c6250ccdb72255d0a28a98b6b0cb7cf6ae

    • SHA512

      b9afb0d28656929999c6fa6111d24acc0502901927aa4f13bf91713b019e0a2e48233ed16590f0173afcccb1474745dde95e287edff8e6c56649df62826eb9b7

    • SSDEEP

      1536:Q3g0SyOZkuKe2nzGik0QkDYhH5RKA2CE8lXR4LZO1L7nnhn4Leim6X:Q3g0SywqqhH5RKA2m1R4FO1fnhxZQ

    • Score

      1/10

    • Target

      HelpUtility.exe

    • Size

      148KB

    • MD5

      8b1ce9c558e25f108080d223dfa37ac4

    • SHA1

      a6ea1e2bf00a1e17bc98b68bef63f2ea6f5612d7

    • SHA256

      f9fa819050c2144318bfb9ffeb4677763e90e72fde0c4ace470e45f2665b781e

    • SHA512

      b422de56afc0b9dc14fd5594715263bfbf2ba54c15490c30295a28d128bfa119247dee88bb4eec9597b1e6751f6bcdefb0e7b4bf750346f692bc180694b4f199

    • SSDEEP

      3072:hSiN9E5e6zYYtEuk8Uu93C7aWoHWoFN03JB0bI/9O1fnV5n5:hSiGzV5L3hbLvVr

    • Score

      1/10

    • Target

      TeraBox.exe

    • Size

      6.8MB

    • MD5

      cd2539c928a77b46c37a9b4da821fa97

    • SHA1

      a8445e7cd4fc1083f7aa464f5adf9374aefeaa5d

    • SHA256

      74eb8cb2e07ff1eee37441cddb6563bc298da45a738f4f32513da5a82a164bb5

    • SHA512

      82ad8f18409419d52bee433e51929a9d16375ebc12d2ac2d8d9b592783f813e531d052394d5fcdbd4bad6d04993653f8ac7840c6a3048ea30dc8ca7d54ee142f

    • SSDEEP

      98304:8zWVnRcmVlL/Evm5yvvF1wFCIxmKkVaekszxlWPl3JE/nP:6WVnR3KvLH8C49kVaeLdlWwn

    • Score

      5/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      TeraBoxHost.exe

    • Size

      643KB

    • MD5

      33bdad0009ea101f8ff1c4a33cfc5f8b

    • SHA1

      7f42bc455635562b3a5559721aacd8edc8ab4dd4

    • SHA256

      d238e129d8c4d15c48d56445ee1f07a816b140bae2e76d5e251c7c0c265896f9

    • SHA512

      d911807851b4ed78fcb82a1fd37159910657b5d51d84fb4e8ee15f174fb6fb8483c95b5941334976830c38cdf407726cef4b9a58581c9f01451e27042b16e02d

    • SSDEEP

      6144:V+nj7IXYnzhmoX5Rz0jdWNuyxmnbjxzqHRz3sUntv0s:zLoX4XNknT

    • Score

      1/10

    • Target

      TeraBoxRender.exe

    • Size

      737KB

    • MD5

      f3ac5bb8444726884b1a9ef091eda821

    • SHA1

      9408da41cdcb17f53066403d804634bc25ceb084

    • SHA256

      91ba1bf2c7a35a37db6f91c4108fd1be25c520094cb81b0276e77e7deb1a550f

    • SHA512

      8e4ca46048058777d9ab49df0f5e3b213e5fce8abbf2b87ad39d9b4a55834aa3cfae390dc990ffe719ca08bec68b6a300ae6b276e85c54d569567e3f42d37e7f

    • SSDEEP

      6144:8WF5wFO09j7KPQ7QK50g0umuUHlb5xVtq+2zi0Cvl6A:8BFLj7x8dg0iUHlb5xV12G0C

    • Score

      1/10

    • Target

      TeraBoxWebService.exe

    • Size

      1.1MB

    • MD5

      3f4745a244a479f2777bd76daed1fa48

    • SHA1

      7479840b8a553abad3aca13175ac550c11d73ada

    • SHA256

      cb3685719891464af71b08c01114d3d86d1b223318a5e95e9ab6e3fba2ca53dd

    • SHA512

      c9ae5d3b3e9f1f503d377aefc5c64b599772e34d5bf6c713548f30688b407caf2ce0e0dc11f4077cffde6c1dcd0f2b9e94045223436579bc119b166f0e632557

    • SSDEEP

      12288:nzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulz4xIH9cAPxTmnEJyf:ncNpMZx/SOeYD6KNF8UW3ulDHdPuNf

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

qrlinkpdf
Score
4/10

behavioral1

zloader botnet discovery persistence trojan
Score
10/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
5/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
5/10

behavioral26

Score
5/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10