Task scores
overview: 10/10
static: 4/10
Terabox_1.32.0.1.exe (windows7-x64): 10/10
Terabox_1.32.0.1.exe (windows10-2004-x64): 4/10
$PLUGINSDI...fg.ini (windows7-x64): 1/10
$PLUGINSDI...fg.ini (windows10-2004-x64): 1/10
$PLUGINSDI...fo.xml (windows7-x64): 3/10
$PLUGINSDI...fo.xml (windows10-2004-x64): 1/10
AppProperty.xml (windows7-x64): 3/10
AppProperty.xml (windows10-2004-x64): 1/10
AutoUpdate...fo.xml (windows7-x64): 3/10
AutoUpdate...fo.xml (windows10-2004-x64): 1/10
AutoUpdate/config.ini (windows7-x64): 1/10
AutoUpdate/config.ini (windows10-2004-x64): 1/10
CEF license.txt (windows7-x64): 1/10
CEF license.txt (windows10-2004-x64): 1/10
ChromeManifest.json (windows7-x64): 3/10
ChromeManifest.json (windows10-2004-x64): 3/10
DuiEngine license.txt (windows7-x64): 1/10
DuiEngine license.txt (windows10-2004-x64): 1/10
TeraBoxTor...le.ico (windows7-x64): 3/10
TeraBoxTor...le.ico (windows10-2004-x64): 3/10
VersionInfo (windows7-x64): 1/10
VersionInfo (windows10-2004-x64): 1/10
VersionInfo2 (windows7-x64): 1/10
VersionInfo2 (windows10-2004-x64): 1/10
autobackup.ico (windows7-x64): 3/10
autobackup.ico (windows10-2004-x64): 3/10
browserres/cef.pak (windows7-x64): 3/10
browserres/cef.pak (windows10-2004-x64): 3/10
browserres...nt.pak (windows7-x64): 3/10
browserres...nt.pak (windows10-2004-x64): 3/10
browserres...nt.pak (windows7-x64): 3/10
browserres...nt.pak (windows10-2004-x64): 3/10
General
-
Target
Terabox_1.32.0.1.exe
-
Size
85.5MB
-
Sample
240928-wzje5ssdlc
-
MD5
b73657d85fe21f889cdbaf4f1724ff57
-
SHA1
c10e0f8cf0abda003931c5b27ce2416a076b0478
-
SHA256
9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511
-
SHA512
b013b7015e90043e2d8c021d9ea9a87505c36ffcb4619eb5fd06bd0e2c5742c3bc3fddc3a448112def652ab26d5372fee4a2d6f95c3c5ce09a000ffb7bf457f1
-
SSDEEP
1572864:yBumaBVNigHypMDTKWRhvRL7b3NWPVQ6kzjn:yBumaRigyp8TDRhvRD3APVr6jn
Behavioral task
behavioral1
Sample
Terabox_1.32.0.1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Terabox_1.32.0.1.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SetupCfg.ini
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SetupCfg.ini
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/VersionInfo.xml
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/VersionInfo.xml
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
AppProperty.xml
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
AppProperty.xml
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
AutoUpdate/VersionInfo.xml
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
AutoUpdate/VersionInfo.xml
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
AutoUpdate/config.ini
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
AutoUpdate/config.ini
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
CEF license.txt
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
CEF license.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
ChromeManifest.json
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
ChromeManifest.json
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
DuiEngine license.txt
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
DuiEngine license.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
TeraBoxTorrentFile.ico
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
TeraBoxTorrentFile.ico
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
VersionInfo
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
VersionInfo
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
VersionInfo2
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
VersionInfo2
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
autobackup.ico
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
autobackup.ico
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
browserres/cef.pak
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
browserres/cef.pak
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
browserres/cef_100_percent.pak
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
browserres/cef_100_percent.pak
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
browserres/cef_200_percent.pak
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
browserres/cef_200_percent.pak
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Terabox_1.32.0.1.exe
-
Size
85.5MB
-
MD5
b73657d85fe21f889cdbaf4f1724ff57
-
SHA1
c10e0f8cf0abda003931c5b27ce2416a076b0478
-
SHA256
9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511
-
SHA512
b013b7015e90043e2d8c021d9ea9a87505c36ffcb4619eb5fd06bd0e2c5742c3bc3fddc3a448112def652ab26d5372fee4a2d6f95c3c5ce09a000ffb7bf457f1
-
SSDEEP
1572864:yBumaBVNigHypMDTKWRhvRL7b3NWPVQ6kzjn:yBumaRigyp8TDRhvRD3APVr6jn
-
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$PLUGINSDIR/SetupCfg.ini
-
Size
75B
-
MD5
ac0835ca6cc22eb3547391cd28babd84
-
SHA1
6f557aeebdae72ce980b7cb0507cbdffb1c13b93
-
SHA256
fe2e95678fbd1a8b6609eb95f3e9941f67018ebab32149cf0b94b0a200354a54
-
SHA512
038269833537aab00f65a1170ff70b3e7c6ce75051ff5e8a05cf52f47438127d7df10b88c60b55996f180c0bbeeae55d58426886184f23a618447ee87aa829ec
-
Score
1/10
-
-
-
Target
$PLUGINSDIR/VersionInfo.xml
-
Size
90B
-
MD5
be7de86dd8caf740f5f2d748762fac4c
-
SHA1
b39726f6160ebd84f74ac977b2ac6a15643e84fe
-
SHA256
db29f712197b209c5118c680d1ed5e007eb24ca0a97d688fc895d3adaf423e48
-
SHA512
78c34cf38ee46a8a026a957f7720c2c1010f3885f807dbea00e28d3ea6e108283c1b84f6ba76885c868db41066ac5d90a4d62415f7f3524c2f74bbc0bdc59e28
-
Score
3/10
-
-
-
Target
AppProperty.xml
-
Size
50B
-
MD5
38a35ee4ef24896d4450825d30da2d84
-
SHA1
934a8104483de39185efae62e7b473380e32cfcc
-
SHA256
843a030382ce12299411cf34be5d9fb0dedf97775782386bde41e0f62b36b06a
-
SHA512
131089a9303458d5ba935eb39d6fad75e5f77cc210cef2eb4ca7b55cb457b00b60edd64ac629d72fdad9fc794125a664ed3865a563a1d90154b8d3f981e3f3bf
-
Score
3/10
-
-
-
Target
AutoUpdate/VersionInfo.xml
-
Size
91B
-
MD5
ce123e07fb4922d383b316509fc42b0a
-
SHA1
f14430f14931c28dc0603426664029380053b92c
-
SHA256
41be369f328416e229a7f9bda1b9cadd2ee39392aacc6c33c1442559a738b4ef
-
SHA512
71d2f37e8719e9ae15fc2604b5cccfe03034e2fc747740485f2640d5280a643ae97a1066150485f572ed7018323cbdb6ed3c72d70677e33f5fc711e6518833dc
-
Score
3/10
-
-
-
Target
AutoUpdate/config.ini
-
Size
52B
-
MD5
5cc36a5a9945e4fbda1cc8b475f98ea9
-
SHA1
16ff4141e975705252b9c556c5da8c84e7dbc74e
-
SHA256
61d88eb427ba7668f56c7391410c4de3a8e17cde7baba80291f8a06efafbef7c
-
SHA512
8b451ca92dd61ace8fc6cc4bcfc09499aa3c006803a7bdca1bdac9ee40a7b8fc9311e28078f07fbe4fbf1d40d71ffcebcf49a440ca0c6c100391fea4ee888a9e
-
Score
1/10
-
-
-
Target
CEF license.txt
-
Size
1KB
-
MD5
7e99307cf6f619536d7e9ecb34f1e0a8
-
SHA1
1bc3889e8d392e0dcf6b1cd51fd392c791be9c54
-
SHA256
abf88b626095dff3754b2b90cda1f7353b809c8ef20c5fdce34ff8e8c11a66c8
-
SHA512
c9f7dfd6ad926ffb336dcc173a27eb3948221ea8557bbbf8ab8428346ccd13e1b4e7ab3bb9ac0b41f6728e045e0de82f50853fe61d00f80c2c58a7e65eec51c5
-
Score
1/10
-
-
-
Target
ChromeManifest.json
-
Size
237B
-
MD5
84d4d811ee7f1a976b8576f8fc983e47
-
SHA1
71e97bf0be426f92732798d41e34e7bb92f2e21f
-
SHA256
51da5680465903bb76c4f718016083703730701702bf3b64a77c9338f9832584
-
SHA512
b99ec6b3999e820d5721fef5512c3b3c400eee45aeb077d687dfed25f9ed99bb4aeba2607d82261d4aacb1932f8fb4c6f038ba02a0a1975c15fc841366321bb1
-
Score
3/10
-
-
-
Target
DuiEngine license.txt
-
Size
1KB
-
MD5
ec1f61829f3e9852c9019a48d8158f1d
-
SHA1
2c98b32f23f9d09df67ff0e060f210db38ad3864
-
SHA256
3dbcadda6e0a98d5f8759cfa75d0c29e473a57772c0341cc605ac63d54324c68
-
SHA512
155cf38958a6ad1f7f3bad95490172e5ec5f659045c77c96b30d470f3c5e6f00b90d98e5d6e8b7d36fa72471b1fb59166356f12d9e73e9f0463dc18edc2a3664
-
Score
1/10
-
-
-
Target
TeraBoxTorrentFile.ico
-
Size
67KB
-
MD5
91886d4f8ea7c97366d37bb85001be04
-
SHA1
c1ecd6fd669fbce0a823ac673cf96e016eaab2d8
-
SHA256
98b0815a45fa11e0c22e63d68597d5c16c928afdeb41ace3d693c07fb4a21ea5
-
SHA512
67fcf1afae76a913f2b51ad0ad4252c79476a595417770521f6705d483114dce247dfba3c0ac46c5f4148b557eea2b7baca529733a86bdbb48465cb7f11c5e18
-
SSDEEP
1536:Gt+llllllllllllulllllllulllllllTHKrn+JrWSpI3e7ep+Qi0lvIVXVRZp8ss:K2lllllllllllulllllllullllllloSa
-
Score
3/10
-
-
-
Target
VersionInfo
-
Size
192B
-
MD5
aef980496e31ca94eddcff0044a32549
-
SHA1
ed3f1474c6c8b09c8da07bbac61f5c03aa60d992
-
SHA256
7c71738efeb52cc51e923b4aa64fa29af5a99f60802fd922394e7ad30d25574f
-
SHA512
5144db5524ddf448a7764b7c5c9312c335a4b19365ba813303a0dd1abdbe2a6fc74291bf39df27416cd7503cd3ba85eaaca5e4a3c59c44e655292dadf4b31fbc
-
Score
1/10
-
-
-
Target
VersionInfo2
-
Size
192B
-
MD5
395dc4ad9d5035c631fc4d08fcbc8980
-
SHA1
f4689b9bf63b448a888fd3a3f98bdd0db0bfe5e8
-
SHA256
b6068bceb6383167b13dfd64daae7af01df49bb87a87644984072c1a3f18c235
-
SHA512
13f60b7d1baaf389c9d0019b09458410482a0d27e91d5ba736108732a5934706aa3fea63938ef463afd4061750c6491eced79154ee8725c0d357dac1582d6a46
-
Score
1/10
-
-
-
Target
autobackup.ico
-
Size
36KB
-
MD5
3c3a4366949bc445bf17425c31a4ecef
-
SHA1
86a53600db334e87eb43fca260b098b502e5ba73
-
SHA256
9e61d5732a0bbe798dd197d8d8d7ce2cdeafd9130018f1911b2ab574757e9188
-
SHA512
74d5084b46a050766b126a86e3cdc4bb46a9342a9141388b2d04aa24b69850e9700ef26a6c39759fe5467ac7107a8416640631b48eaec4149c32ac1d8f91081f
-
SSDEEP
192:whAwun8SreQObguXS+j6uzv5rkZFp+CORyACchS:wajCXfspKw8Y
-
Score
3/10
-
-
-
Target
browserres/cef.pak
-
Size
1.9MB
-
MD5
d1c40362fe2f365dcf4363713727aba9
-
SHA1
e68372e078bcfb8baba6909ef39e05e6bcaccce4
-
SHA256
c91bb3bd9431300da48e18f9f4d576b76c5cfbb0749c0d7dbda159fdb99a3edd
-
SHA512
e179ac734f6dfc961c03a2d617d945abe1ed9fd120a02cd1f408c30d1a0b1a37667e145e302f3f2761a4de6068d4ed8737c97f8e9cf9f77e42d079f94c3e0263
-
SSDEEP
49152:YZTSD2VMdS8xOt88ZCPbfNIWY1xG0jJbaCUXEWT:RyycRd0PbVHYfG0jJPA5
-
Score
3/10
-
-
-
Target
browserres/cef_100_percent.pak
-
Size
200KB
-
MD5
51cd116911e8e3c2e5c0367b887f2417
-
SHA1
56e54592b9a2a8623d1f3b2cd1d6ea3ef61545b3
-
SHA256
3b83236664a5fe0aaf4ef723f636c844ef60cf1f33eca92927503ed4f7c1f115
-
SHA512
ce3263846cfc0b863a6026a581f865f49bf1a4e169c0e2ac0d1833b8bc41450240198ccbc637f9d67618a1d71bbfee252745ebf2fda51159625e4a2aef1cdf0f
-
SSDEEP
6144:5IYS+zaSR3aW2rxzw95TUhx5c1YC7x10fS7/:5Ic32cUhgf1dL
-
Score
3/10
-
-
-
Target
browserres/cef_200_percent.pak
-
Size
274KB
-
MD5
360d0c8b817b29f8ba97195453056b1b
-
SHA1
0ec45a8112de876816f833e75327c8549b6b7898
-
SHA256
6b9df3dcd3b36213d54effef64e2dddab7266ed46d24fe86bd725f4e9f036fe7
-
SHA512
a79d9655d22f019cde7df0a27d499cab104ef418abcb2106b7c7b11144f7be79bd42151d4819d07822945dc02f181a74cdb3ce30e460ce1703aecd94e6fc870e
-
SSDEEP
6144:1YS+zaSR3aW2r6DQYaF+9bQHgs4jTl5Nz73QYV85u/oFY1lo+:1c32/fs4gs4jT3Zg5u/oFu
-
Score
3/10
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 2
Change Default File Association: 1
Component Object Model Hijacking: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 2
Change Default File Association: 1
Component Object Model Hijacking: 1
Defense Evasion
Modify Registry: 4
Subvert Trust Controls: 1
Install Root Certificate: 1