General

  • Target

    TeraBox_sl_b_1.31.0.1.exe

  • Size

    85.5MB

  • Sample

    240716-n5wcwstgpg

  • MD5

    79060976af019f7fb4cefbc0a4fe8ec4

  • SHA1

    907cf720fa0ddf346a44904b0b38654f3d562784

  • SHA256

    09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85

  • SHA512

    a5decc422ed87f09786d3d42b3a26358faed6ca339ab3c4331b6b40c34fff62c48822a915aec71fce575fa03ccb1278e3bedb37072119b21309fb4d33828942b

  • SSDEEP

    1572864:D/Tbaxaxd3iMmFsW2sfWXx/Qux9f7yyZermJw0ZR09aoFXVqagAp0g9mTx:Tqaxi6x/hHf7yyZermJwSy9aoFwagA1y

Malware Config

Targets

    • Target

      TeraBox_sl_b_1.31.0.1.exe

    • Size

      85.5MB

    • MD5

      79060976af019f7fb4cefbc0a4fe8ec4

    • SHA1

      907cf720fa0ddf346a44904b0b38654f3d562784

    • SHA256

      09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85

    • SHA512

      a5decc422ed87f09786d3d42b3a26358faed6ca339ab3c4331b6b40c34fff62c48822a915aec71fce575fa03ccb1278e3bedb37072119b21309fb4d33828942b

    • SSDEEP

      1572864:D/Tbaxaxd3iMmFsW2sfWXx/Qux9f7yyZermJw0ZR09aoFXVqagAp0g9mTx:Tqaxi6x/hHf7yyZermJwSy9aoFwagA1y

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $PLUGINSDIR/NsisInstallUI.dll

    • Size

      1.8MB

    • MD5

      075abe6be6b717434cea2879a54c4714

    • SHA1

      dc02581f578d22db7460352a476727ac5b2fcbb9

    • SHA256

      5a5e5398424a4eab5ea1fb905313ea56a19b7210e0da44861503bbf3f9826c13

    • SHA512

      90937b6aab2a4eeac74a33cf238131e011edc1b1f2bf9a9ce6dc5e0d21923330131ba5014e9ea1176ee88ee03d847cc69e6f1e91f7f68aa65c7a5ac4852f9d63

    • SSDEEP

      24576:THI9QRkU8s2UDY3r58zoPOfxLcbFTRsr5T:byQn8jUE7HmKbDiT

    Score
    3/10
    • Target

      $PLUGINSDIR/SetupCfg.ini

    • Size

      80B

    • MD5

      86daef0a1abf90f934b20119d95e8b73

    • SHA1

      fa9170644b102c598005d1764a16aba54314ab69

    • SHA256

      a5b0e58f66055ba5c9730dd7983946f92075bcf7052343b8d64ee95faa99eaaa

    • SHA512

      1e95d6b697621f5c8bd194b5252f7717c3aa48a25d91d80fcd5fb0f1d06747c5f39708255bd85f18f776468dcde5645a8ac088431d412af1b10932d7f0df67b7

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    • Target

      $PLUGINSDIR/VersionInfo.xml

    • Size

      90B

    • MD5

      661ab64fa609c37ae075aa0e1929f84c

    • SHA1

      ff30bd62106492de87aa7ac33971dc464984a6df

    • SHA256

      c24a837371bedf646f2a03ba99ed2b7a2a454b18f706d7009ce91053904cdaa0

    • SHA512

      ad4afb2af01c10ab2a041414240aad3778e2dcf2f0ae1005cf03fd813bdc3fdd1b8cb12acb8c8ca8cd6a0e3e19413ddd5f99d6a5093a3386496c6afa2cc76bbc

    Score
    1/10
    • Target

      $PLUGINSDIR/nsProcessW.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $TEMP/kernel.dll

    • Size

      7.5MB

    • MD5

      3addcb27ffbfeecf0cf1f4980e0b0baf

    • SHA1

      dde794a1bb1fba39d30334b0abce6010092c5d27

    • SHA256

      15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a

    • SHA512

      3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b

    • SSDEEP

      196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr

    Score
    1/10
    • Target

      AppProperty.xml

    • Size

      50B

    • MD5

      38a35ee4ef24896d4450825d30da2d84

    • SHA1

      934a8104483de39185efae62e7b473380e32cfcc

    • SHA256

      843a030382ce12299411cf34be5d9fb0dedf97775782386bde41e0f62b36b06a

    • SHA512

      131089a9303458d5ba935eb39d6fad75e5f77cc210cef2eb4ca7b55cb457b00b60edd64ac629d72fdad9fc794125a664ed3865a563a1d90154b8d3f981e3f3bf

    Score
    1/10
    • Target

      AutoUpdate/VersionInfo.xml

    • Size

      91B

    • MD5

      ce123e07fb4922d383b316509fc42b0a

    • SHA1

      f14430f14931c28dc0603426664029380053b92c

    • SHA256

      41be369f328416e229a7f9bda1b9cadd2ee39392aacc6c33c1442559a738b4ef

    • SHA512

      71d2f37e8719e9ae15fc2604b5cccfe03034e2fc747740485f2640d5280a643ae97a1066150485f572ed7018323cbdb6ed3c72d70677e33f5fc711e6518833dc

    Score
    1/10
    • Target

      TeraBox.exe

    • Size

      6.3MB

    • MD5

      7ab6073a5c400a5071bfa4ef2d936425

    • SHA1

      f794ea18eced4330979972da2a4bfa33c03afa2f

    • SHA256

      7774449e13c24d2b0b69114d9ba044e80dc8378fa3dfb5d17a142d5cb4cde8af

    • SHA512

      4371b6b49df43dab4abf90a71819276f30dca823c93335edd5513a67a646c97ef575b2ede650ceb2f0f168af13431254530e9bffc3db0f5b0eada1492c3cab73

    • SSDEEP

      98304:52XswubXaFliXVEaqz56LtbSeK78yYkVvkg7m8Etg1C9Y41WCpq:8XswuuKE7E4IDkVvkgK9fVWCo

    Score
    5/10
    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Target

      TeraBoxTorrentFile.ico

    • Size

      67KB

    • MD5

      91886d4f8ea7c97366d37bb85001be04

    • SHA1

      c1ecd6fd669fbce0a823ac673cf96e016eaab2d8

    • SHA256

      98b0815a45fa11e0c22e63d68597d5c16c928afdeb41ace3d693c07fb4a21ea5

    • SHA512

      67fcf1afae76a913f2b51ad0ad4252c79476a595417770521f6705d483114dce247dfba3c0ac46c5f4148b557eea2b7baca529733a86bdbb48465cb7f11c5e18

    • SSDEEP

      1536:Gt+llllllllllllulllllllulllllllTHKrn+JrWSpI3e7ep+Qi0lvIVXVRZp8ss:K2lllllllllllulllllllullllllloSa

    Score
    3/10
    • Target

      VersionInfo

    • Size

      192B

    • MD5

      351e50fed91d082778bd8e2fcf024f05

    • SHA1

      b5daa528fa4088b79284f157e8be038b21e08cad

    • SHA256

      17c9f4bef9776b36fac918ea1bdcc72093ecc9ada7ab2dbe0d29285a70f05c6c

    • SHA512

      f6f4854b2b4b03f458b04c713a9da2eac5ba9eeb524a0c0e5317112978f3fc7935a4008251b8fd202e525275214fe821b6ebac8974914331d7ceb4ed57b4a6bc

    Score
    1/10
    • Target

      VersionInfo2

    • Size

      192B

    • MD5

      f95431ba7b0461a39831638c60ff7c2d

    • SHA1

      5efaa3d1c2d3696c2d11556779937ba0cee1409e

    • SHA256

      9b90bee354f54454db8d5d4121fd6a663c85a8a5055ef21c693796f834c1a5fc

    • SHA512

      b3a1e876d2d2bd07a039684675f43dbe27e0111572d13be8d18edb325408e35d9b207b8e2bbb5ca48caf4633ec5907426e445edb77259639fb9a5aa3a7fcb5e7

    Score
    1/10
    • Target

      autobackup.ico

    • Size

      36KB

    • MD5

      3c3a4366949bc445bf17425c31a4ecef

    • SHA1

      86a53600db334e87eb43fca260b098b502e5ba73

    • SHA256

      9e61d5732a0bbe798dd197d8d8d7ce2cdeafd9130018f1911b2ab574757e9188

    • SHA512

      74d5084b46a050766b126a86e3cdc4bb46a9342a9141388b2d04aa24b69850e9700ef26a6c39759fe5467ac7107a8416640631b48eaec4149c32ac1d8f91081f

    • SSDEEP

      192:whAwun8SreQObguXS+j6uzv5rkZFp+CORyACchS:wajCXfspKw8Y

    Score
    3/10
    • Target

      browserres/cef.pak

    • Size

      1.9MB

    • MD5

      d1c40362fe2f365dcf4363713727aba9

    • SHA1

      e68372e078bcfb8baba6909ef39e05e6bcaccce4

    • SHA256

      c91bb3bd9431300da48e18f9f4d576b76c5cfbb0749c0d7dbda159fdb99a3edd

    • SHA512

      e179ac734f6dfc961c03a2d617d945abe1ed9fd120a02cd1f408c30d1a0b1a37667e145e302f3f2761a4de6068d4ed8737c97f8e9cf9f77e42d079f94c3e0263

    • SSDEEP

      49152:YZTSD2VMdS8xOt88ZCPbfNIWY1xG0jJbaCUXEWT:RyycRd0PbVHYfG0jJPA5

    Score
    3/10
    • Target

      browserres/cef_100_percent.pak

    • Size

      200KB

    • MD5

      51cd116911e8e3c2e5c0367b887f2417

    • SHA1

      56e54592b9a2a8623d1f3b2cd1d6ea3ef61545b3

    • SHA256

      3b83236664a5fe0aaf4ef723f636c844ef60cf1f33eca92927503ed4f7c1f115

    • SHA512

      ce3263846cfc0b863a6026a581f865f49bf1a4e169c0e2ac0d1833b8bc41450240198ccbc637f9d67618a1d71bbfee252745ebf2fda51159625e4a2aef1cdf0f

    • SSDEEP

      6144:5IYS+zaSR3aW2rxzw95TUhx5c1YC7x10fS7/:5Ic32cUhgf1dL

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

qrlinkpdf
Score
4/10

behavioral1

zloader botnet discovery persistence privilege_escalation trojan
Score
10/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
5/10

behavioral20

Score
5/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10