zloader | 09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85 | Triage

Submit
Reports

Overview

overview

Static

static

4

TeraBox_sl....1.exe

windows7-x64

TeraBox_sl....1.exe

windows10-2004-x64

6

TeraBox_sl....1.exe

windows11-21h2-x64

6

Resubmissions

17-06-2024 17:37

240617-v7lpssxfke 10

14-06-2024 20:15

240614-y1wg7sthng 10

Sharing

General

Target

TeraBox_sl_b_1.31.0.1.exe
Size

85.5MB
Sample

240614-y1wg7sthng
MD5

79060976af019f7fb4cefbc0a4fe8ec4
SHA1

907cf720fa0ddf346a44904b0b38654f3d562784
SHA256

09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85
SHA512

a5decc422ed87f09786d3d42b3a26358faed6ca339ab3c4331b6b40c34fff62c48822a915aec71fce575fa03ccb1278e3bedb37072119b21309fb4d33828942b
SSDEEP

1572864:D/Tbaxaxd3iMmFsW2sfWXx/Qux9f7yyZermJw0ZR09aoFXVqagAp0g9mTx:Tqaxi6x/hHf7yyZermJwSy9aoFwagA1y

Score

10^/10

zloader botnet discovery link pdf persistence qr trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

TeraBox_sl_b_1.31.0.1.exe

Resource

win7-20240611-en

zloader botnet discovery persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

TeraBox_sl_b_1.31.0.1.exe

Resource

win10v2004-20240611-en

discovery persistence

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral3

Sample

TeraBox_sl_b_1.31.0.1.exe

Resource

win11-20240611-en

discovery persistence

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  TeraBox_sl_b_1.31.0.1.exe
- Size
  
  85.5MB
- MD5
  
  79060976af019f7fb4cefbc0a4fe8ec4
- SHA1
  
  907cf720fa0ddf346a44904b0b38654f3d562784
- SHA256
  
  09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85
- SHA512
  
  a5decc422ed87f09786d3d42b3a26358faed6ca339ab3c4331b6b40c34fff62c48822a915aec71fce575fa03ccb1278e3bedb37072119b21309fb4d33828942b
- SSDEEP
  
  1572864:D/Tbaxaxd3iMmFsW2sfWXx/Qux9f7yyZermJw0ZR09aoFXVqagAp0g9mTx:Tqaxi6x/hHf7yyZermJwSy9aoFwagA1y
Score

10^/10

zloader botnet discovery persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbotnetdiscoverypersistencetrojan

behavioral2

discoverypersistence

behavioral3

discoverypersistence

© 2018-2024

Terms | Privacy