General
Target: TeraBox_sl_b_1.30.0.2.exe
Size: 85.5MB
Sample: 240427-2zs78sag8y
MD5: bf389a8ab715cd3e1240ea6f6872023b
SHA1: ea216a5b29480223a96c609585bc37d1a2a8b658
SHA256: cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973
SHA512: f17b9411f9b2803cf4dc2d98ba529bd55eca953be340abd1da0f9fa042e61fcc181e74b0bfa7fb4e9bb1ce3d97f14ce80b2865d20f59741a594f39f7332a3505
SSDEEP: 1572864:9m0dHtOx0eSgs6bZQ+/bKMN4+j6Hv5fhEk6MjHOi8IIXBBLyREG:c0jOyera+/bKMFj+x6wO0IXHyRB
Behavioral tasks
behavioral1: Sample TeraBox_sl_b_1.30.0.2.exe, Resource win7-20240215-en
behavioral2: Sample TeraBox_sl_b_1.30.0.2.exe, Resource win10v2004-20240419-en
behavioral3: Sample api-ms-win-crt-filesystem-l1-1-0.dll, Resource win10v2004-20240419-en
behavioral4: Sample api-ms-win-crt-heap-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral5: Sample api-ms-win-crt-locale-l1-1-0.dll, Resource win10v2004-20240419-en
behavioral6: Sample api-ms-win-crt-math-l1-1-0.dll, Resource win10v2004-20240419-en
behavioral7: Sample api-ms-win-crt-multibyte-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral8: Sample api-ms-win-crt-private-l1-1-0.dll, Resource win10v2004-20240226-en
behavioral9: Sample api-ms-win-crt-process-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral10: Sample api-ms-win-crt-runtime-l1-1-0.dll, Resource win10v2004-20240419-en
behavioral11: Sample api-ms-win-crt-stdio-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral12: Sample api-ms-win-crt-string-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral13: Sample api-ms-win-crt-time-l1-1-0.dll, Resource win10v2004-20240426-en
behavioral14: Sample api-ms-win-crt-utility-l1-1-0.dll, Resource win10v2004-20240419-en
behavioral15: Sample cefbrowser.dll, Resource win7-20240221-en
behavioral16: Sample cefbrowser.dll, Resource win10v2004-20240419-en
behavioral17: Sample chrome_elf.dll, Resource win7-20240215-en
behavioral18: Sample chrome_elf.dll, Resource win10v2004-20240419-en
behavioral19: Sample concrt140.dll, Resource win7-20240419-en
behavioral20: Sample concrt140.dll, Resource win10v2004-20240426-en
behavioral21: Sample d3dcompiler_47.dll, Resource win10v2004-20240419-en
behavioral22: Sample kernel.dll, Resource win7-20240221-en
behavioral23: Sample kernel.dll, Resource win10v2004-20240226-en
behavioral24: Sample kernelUpdate.exe, Resource win7-20240221-en
behavioral25: Sample kernelUpdate.exe, Resource win10v2004-20240419-en
behavioral26: Sample libEGL.dll, Resource win7-20231129-en
behavioral27: Sample libEGL.dll, Resource win10v2004-20240419-en
behavioral28: Sample libGLESv2.dll, Resource win7-20240221-en
behavioral29: Sample libGLESv2.dll, Resource win10v2004-20240426-en
behavioral30: Sample libcef.dll, Resource win7-20240220-en
behavioral31: Sample libcef.dll, Resource win10v2004-20240419-en
behavioral32: Sample minosagent.dll, Resource win7-20240221-en
Malware Config
Targets
Target: TeraBox_sl_b_1.30.0.2.exe
Size: 85.5MB
Score: 10/10
Adds Run key to start application
Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: api-ms-win-crt-filesystem-l1-1-0.dll
Size: 13KB
Score: 3/10

Target: api-ms-win-crt-heap-l1-1-0.dll
Size: 12KB
Score: 3/10

Target: api-ms-win-crt-locale-l1-1-0.dll
Size: 11KB
Score: 1/10

Target: api-ms-win-crt-math-l1-1-0.dll
Size: 21KB
Score: 1/10

Target: api-ms-win-crt-multibyte-l1-1-0.dll
Size: 19KB
Score: 1/10

Target: api-ms-win-crt-private-l1-1-0.dll
Size: 62KB
Score: 3/10

Target: api-ms-win-crt-process-l1-1-0.dll
Size: 12KB
Score: 1/10

Target: api-ms-win-crt-runtime-l1-1-0.dll
Size: 15KB
Score: 1/10

Target: api-ms-win-crt-stdio-l1-1-0.dll
Size: 17KB
Score: 1/10

Target: api-ms-win-crt-string-l1-1-0.dll
Size: 17KB
Score: 1/10

Target: api-ms-win-crt-time-l1-1-0.dll
Size: 13KB
Score: 1/10

Target: api-ms-win-crt-utility-l1-1-0.dll
Size: 11KB
Score: 1/10

Target: cefbrowser.dll
Size: 415KB
Score: 3/10

Target: chrome_elf.dll
Size: 845KB
Score: 1/10

Target: concrt140.dll
Size: 237KB
Score: 3/10

Target: d3dcompiler_47.dll
Size: 3.5MB
Score: 3/10

Target: kernel.dll
Size: 7.5MB
Score: 1/10

Target: kernelUpdate.exe
Size: 2.4MB
Score: 1/10

Target: libEGL.dll
Size: 338KB
Score: 1/10

Target: libGLESv2.dll
Size: 5.2MB
Score: 3/10

Target: libcef.dll
Size: 113.1MB
Score: 1/10

Target: minosagent.dll
Size: 2.9MB
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 1
Change Default File Association: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 1
Change Default File Association: 1