Overview
overview: score 10
static: score 4
TeraBox_sl....2.exe, windows7-x64: score 10
TeraBox_sl....2.exe, windows10-2004-x64: score 4
$PLUGINSDI...UI.dll, windows7-x64: score 3
$PLUGINSDI...UI.dll, windows10-2004-x64: score 3
$PLUGINSDI...em.dll, windows7-x64: score 3
$PLUGINSDI...em.dll, windows10-2004-x64: score 3
$PLUGINSDI...sW.dll, windows7-x64: score 3
$PLUGINSDI...sW.dll, windows10-2004-x64: score 3
$TEMP/kernel.dll, windows7-x64: score 1
$TEMP/kernel.dll, windows10-2004-x64: score 1
AppUtil.dll, windows7-x64: score 1
AppUtil.dll, windows10-2004-x64: score 1
AutoUpdate...il.dll, windows7-x64: score 1
AutoUpdate...il.dll, windows10-2004-x64: score 3
AutoUpdate...te.exe, windows7-x64: score 1
AutoUpdate...te.exe, windows10-2004-x64: score 1
BugReport.exe, windows7-x64: score 3
BugReport.exe, windows10-2004-x64: score 5
Bull140U.dll, windows7-x64: score 1
Bull140U.dll, windows10-2004-x64: score 1
ChromeNati...st.exe, windows7-x64: score 1
ChromeNati...st.exe, windows10-2004-x64: score 1
HelpUtility.exe, windows7-x64: score 1
HelpUtility.exe, windows10-2004-x64: score 1
TeraBox.exe, windows7-x64: score 5
TeraBox.exe, windows10-2004-x64: score 5
TeraBoxHost.exe, windows7-x64: score 1
TeraBoxHost.exe, windows10-2004-x64: score 1
TeraBoxRender.exe, windows7-x64: score 1
TeraBoxRender.exe, windows10-2004-x64: score 1
TeraBoxWebService.exe, windows7-x64: score 1
TeraBoxWebService.exe, windows10-2004-x64: score 1
General
-
Target
TeraBox_sl_b_1.30.0.2.exe
-
Size
85.5MB
-
Sample
240321-srcqvaed68
-
MD5
bf389a8ab715cd3e1240ea6f6872023b
-
SHA1
ea216a5b29480223a96c609585bc37d1a2a8b658
-
SHA256
cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973
-
SHA512
f17b9411f9b2803cf4dc2d98ba529bd55eca953be340abd1da0f9fa042e61fcc181e74b0bfa7fb4e9bb1ce3d97f14ce80b2865d20f59741a594f39f7332a3505
-
SSDEEP
1572864:9m0dHtOx0eSgs6bZQ+/bKMN4+j6Hv5fhEk6MjHOi8IIXBBLyREG:c0jOyera+/bKMFj+x6wO0IXHyRB
Behavioral task
behavioral1
Sample
TeraBox_sl_b_1.30.0.2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TeraBox_sl_b_1.30.0.2.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$TEMP/kernel.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$TEMP/kernel.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
AppUtil.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AppUtil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
AutoUpdate/Autoupdate.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
AutoUpdate/Autoupdate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
BugReport.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
BugReport.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
Bull140U.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Bull140U.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
ChromeNativeMessagingHost.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
ChromeNativeMessagingHost.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
HelpUtility.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
HelpUtility.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
TeraBox.exe
Resource
win7-20240319-en
Behavioral task
behavioral26
Sample
TeraBox.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
TeraBoxHost.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
TeraBoxHost.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
TeraBoxRender.exe
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
TeraBoxRender.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
TeraBoxWebService.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
TeraBoxWebService.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
TeraBox_sl_b_1.30.0.2.exe
-
Size
85.5MB
-
MD5
bf389a8ab715cd3e1240ea6f6872023b
-
SHA1
ea216a5b29480223a96c609585bc37d1a2a8b658
-
SHA256
cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973
-
SHA512
f17b9411f9b2803cf4dc2d98ba529bd55eca953be340abd1da0f9fa042e61fcc181e74b0bfa7fb4e9bb1ce3d97f14ce80b2865d20f59741a594f39f7332a3505
-
SSDEEP
1572864:9m0dHtOx0eSgs6bZQ+/bKMN4+j6Hv5fhEk6MjHOi8IIXBBLyREG:c0jOyera+/bKMFj+x6wO0IXHyRB
Score 10/10
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$PLUGINSDIR/NsisInstallUI.dll
-
Size
2.1MB
-
MD5
93a820253b303c46ca5b6ba1e9ccec8d
-
SHA1
e691405b2906037008aa9e21817f579bf6c122ed
-
SHA256
6291ca8ac49760517bc06ed1f180d98ecd98b7993b32bcf6e350aa3993a42937
-
SHA512
708bce83e878a2a7c3dbbd888db5916e553c641915aaa182629612e8981c77a6110390569755566490615aaf6f5b4a637f47c4e8a103a158f42284b8c3bf1c6a
-
SSDEEP
12288:BjH0Y1jL7JZ8RJK6Kml2wt0G9/V430NrHbukH2Dh5ccEudZrRkycQq7j2EqcPmqm:B70WppHmPh7R7JBBFmqQVLwS9/5TFsOb
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
8cf2ac271d7679b1d68eefc1ae0c5618
-
SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8
-
SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
-
SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
-
SSDEEP
192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score 3/10
-
-
Target
$PLUGINSDIR/nsProcessW.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score 3/10
-
-
Target
$TEMP/kernel.dll
-
Size
7.5MB
-
MD5
3addcb27ffbfeecf0cf1f4980e0b0baf
-
SHA1
dde794a1bb1fba39d30334b0abce6010092c5d27
-
SHA256
15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a
-
SHA512
3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b
-
SSDEEP
196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr
Score 1/10
-
-
Target
AppUtil.dll
-
Size
1.5MB
-
MD5
3f232fd34abbba86180fd6b5e02f99f0
-
SHA1
65475e6d32bd40bc1347ed206f9d33442ba41c2b
-
SHA256
552dd772b479d9f7f8f27712a0f2f8daf8cb501d90acc1468e0257bde2bffca8
-
SHA512
0c4086dfe128dedfa7d34958e15f993108cf6b7b49ed82d3e4e889b1ade3d8c7ff0a167616a429c50dd69c9cb12ec81ac6e69c25c2f8907163be1039514b913c
-
SSDEEP
24576:B8VkPNZLUJzoKeECO/He8wekOHklDRLulTScsVPvL2Mu4SVtIH+1v9:BPUJqSUulTtsVPvaMBSVtIH+1v9
Score 1/10
-
-
Target
AutoUpdate/AutoUpdateUtil.dll
-
Size
198KB
-
MD5
9f7d3fde1719047bbc7006698e61f895
-
SHA1
10e7d44c125382c8736d693ca6610546581deae7
-
SHA256
980bd27c47eaec7a3028dac12d09283bf5f8f764c7954d6afb49610707ad0088
-
SHA512
ee814138bfd08118ca67555eeadf75d7df724190022644d34610cd98d1cd29239872dbae400d47f1963485c742f00be900036c88faf7b032d9419079d6e598fd
-
SSDEEP
3072:EOq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdTmVj+KO1fnREb:Lq3BJ4vCCa9VgxZ+tvRq
Score 3/10
-
-
Target
AutoUpdate/Autoupdate.exe
-
Size
2.8MB
-
MD5
8ccf980ea54f3605d4360645416ad152
-
SHA1
99231ce34e0ff68dd417c2246a5ca71d147f96fe
-
SHA256
40a650cb5d37d6a5b3d8674f50ae3f6e243ac80f595f64d0b72f97854d5f20df
-
SHA512
644c51032536934bf1ebce9c93e97d201f18fffd21d31fb083853c7084c8fc63a35c02907bf91be0301805103a892c3f03164f5543daa976b22788b364be1a21
-
SSDEEP
49152:x7L6oPOReVwkTVcXj/SZTLvIkP4qghgZnfw58hG7UB:x7NQeZVcX7aIFqgiZfS
Score 1/10
-
-
Target
BugReport.exe
-
Size
1.4MB
-
MD5
8f652f739e7a588ccca067b79769e8eb
-
SHA1
33e3ef85ae22b9e67fba89e7f275bbc1ab02c885
-
SHA256
3f260b1eac4c6b2ca4e5e8da257954b240d878a22f92b7fb88cea5dd91f6f332
-
SHA512
c6322ca2dde2488e5ee693d73107acebccf48a7a8d444cb0ba58fe44c2911a2ccd14c0098a2df1d4fc2844b1b0d331e5770eb1d716edbfc3b61f4f22e305a8eb
-
SSDEEP
24576:vvlG+2O6nLOdc1G0BNmo5Suno0i1eBU2Jqh5Xok4NJFXunrAHPr8qFTtfkx5ApvF:vvlzEy0BNmoYuLqHMunsHPr8qFTKMpvF
Score 5/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Bull140U.dll
-
Size
3.2MB
-
MD5
beeb151d977f3a5c505e6235fce14254
-
SHA1
9547ccc48e35effef55891d9ac91aca118335cf0
-
SHA256
ce673d3e52f338333790a0214a5032bc498af64a538158e7f4c540b40e0f6b04
-
SHA512
1d12d39ff8d46021c8241a41ecc3875d8f017bb1d3b7abad8aa2c945b2b4c0472900ef5a7feabce657fb8a55f3586f9ad76d9e836c43cb3502b2bace32dbe985
-
SSDEEP
49152:eucCrMzcHiNTP0aVY+cTiPA+uo8TWh6UU3JxpHIWkU1ZwnlmdE:ZPCtVYfbnoV6UCZHIxZ
Score 1/10
-
-
Target
ChromeNativeMessagingHost.exe
-
Size
126KB
-
MD5
4596e79362419c69eadb51f3ed3b57d3
-
SHA1
0fce2689ea84e9595fced4219780443542b7ea44
-
SHA256
a7f793c09ee93bc0bb8f1ed7b6ee67c6250ccdb72255d0a28a98b6b0cb7cf6ae
-
SHA512
b9afb0d28656929999c6fa6111d24acc0502901927aa4f13bf91713b019e0a2e48233ed16590f0173afcccb1474745dde95e287edff8e6c56649df62826eb9b7
-
SSDEEP
1536:Q3g0SyOZkuKe2nzGik0QkDYhH5RKA2CE8lXR4LZO1L7nnhn4Leim6X:Q3g0SywqqhH5RKA2m1R4FO1fnhxZQ
Score 1/10
-
-
Target
HelpUtility.exe
-
Size
148KB
-
MD5
8b1ce9c558e25f108080d223dfa37ac4
-
SHA1
a6ea1e2bf00a1e17bc98b68bef63f2ea6f5612d7
-
SHA256
f9fa819050c2144318bfb9ffeb4677763e90e72fde0c4ace470e45f2665b781e
-
SHA512
b422de56afc0b9dc14fd5594715263bfbf2ba54c15490c30295a28d128bfa119247dee88bb4eec9597b1e6751f6bcdefb0e7b4bf750346f692bc180694b4f199
-
SSDEEP
3072:hSiN9E5e6zYYtEuk8Uu93C7aWoHWoFN03JB0bI/9O1fnV5n5:hSiGzV5L3hbLvVr
Score 1/10
-
-
Target
TeraBox.exe
-
Size
6.8MB
-
MD5
cd2539c928a77b46c37a9b4da821fa97
-
SHA1
a8445e7cd4fc1083f7aa464f5adf9374aefeaa5d
-
SHA256
74eb8cb2e07ff1eee37441cddb6563bc298da45a738f4f32513da5a82a164bb5
-
SHA512
82ad8f18409419d52bee433e51929a9d16375ebc12d2ac2d8d9b592783f813e531d052394d5fcdbd4bad6d04993653f8ac7840c6a3048ea30dc8ca7d54ee142f
-
SSDEEP
98304:8zWVnRcmVlL/Evm5yvvF1wFCIxmKkVaekszxlWPl3JE/nP:6WVnR3KvLH8C49kVaeLdlWwn
Score 5/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TeraBoxHost.exe
-
Size
643KB
-
MD5
33bdad0009ea101f8ff1c4a33cfc5f8b
-
SHA1
7f42bc455635562b3a5559721aacd8edc8ab4dd4
-
SHA256
d238e129d8c4d15c48d56445ee1f07a816b140bae2e76d5e251c7c0c265896f9
-
SHA512
d911807851b4ed78fcb82a1fd37159910657b5d51d84fb4e8ee15f174fb6fb8483c95b5941334976830c38cdf407726cef4b9a58581c9f01451e27042b16e02d
-
SSDEEP
6144:V+nj7IXYnzhmoX5Rz0jdWNuyxmnbjxzqHRz3sUntv0s:zLoX4XNknT
Score 1/10
-
-
Target
TeraBoxRender.exe
-
Size
737KB
-
MD5
f3ac5bb8444726884b1a9ef091eda821
-
SHA1
9408da41cdcb17f53066403d804634bc25ceb084
-
SHA256
91ba1bf2c7a35a37db6f91c4108fd1be25c520094cb81b0276e77e7deb1a550f
-
SHA512
8e4ca46048058777d9ab49df0f5e3b213e5fce8abbf2b87ad39d9b4a55834aa3cfae390dc990ffe719ca08bec68b6a300ae6b276e85c54d569567e3f42d37e7f
-
SSDEEP
6144:8WF5wFO09j7KPQ7QK50g0umuUHlb5xVtq+2zi0Cvl6A:8BFLj7x8dg0iUHlb5xV12G0C
Score 1/10
-
-
Target
TeraBoxWebService.exe
-
Size
1.1MB
-
MD5
3f4745a244a479f2777bd76daed1fa48
-
SHA1
7479840b8a553abad3aca13175ac550c11d73ada
-
SHA256
cb3685719891464af71b08c01114d3d86d1b223318a5e95e9ab6e3fba2ca53dd
-
SHA512
c9ae5d3b3e9f1f503d377aefc5c64b599772e34d5bf6c713548f30688b407caf2ce0e0dc11f4077cffde6c1dcd0f2b9e94045223436579bc119b166f0e632557
-
SSDEEP
12288:nzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulz4xIH9cAPxTmnEJyf:ncNpMZx/SOeYD6KNF8UW3ulDHdPuNf
Score 1/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 1
Change Default File Association: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 1
Change Default File Association: 1