General
-
Target
TeraBox_1.31.0.1.exe
-
Size
85.5MB
-
Sample
240723-d9jvjswamf
-
MD5
29479b953032b1bd6ac2056691c361a7
-
SHA1
afa4ac9af3654b2dda1d2fc4ea60fa579eaa6c34
-
SHA256
c8909ff67ce9c7ffdebe28171f8eefb2eabbadeb8078409496b7f31803d45d9c
-
SHA512
20894403cd64b9f174aee6a4cec239e22f7492937f0919e4add66062575dab5cef97639ba4dc38aa905d5e5c481f680a95be6b179123bee9f3a53434354a8119
-
SSDEEP
1572864:ldJLtviAmwWBetc/tEyBVbvVnt5b5tOdX1WlCGYH1CxDMIgwMWDR8qlqmkSap1yx:ltmBH/maxt5bwEOVC5MIzML9hufp
Malware Config
Targets
-
-
Target
TeraBox_1.31.0.1.exe
-
Size
85.5MB
-
MD5
29479b953032b1bd6ac2056691c361a7
-
SHA1
afa4ac9af3654b2dda1d2fc4ea60fa579eaa6c34
-
SHA256
c8909ff67ce9c7ffdebe28171f8eefb2eabbadeb8078409496b7f31803d45d9c
-
SHA512
20894403cd64b9f174aee6a4cec239e22f7492937f0919e4add66062575dab5cef97639ba4dc38aa905d5e5c481f680a95be6b179123bee9f3a53434354a8119
-
SSDEEP
1572864:ldJLtviAmwWBetc/tEyBVbvVnt5b5tOdX1WlCGYH1CxDMIgwMWDR8qlqmkSap1yx:ltmBH/maxt5bwEOVC5MIzML9hufp
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1