General
-
Target
TeraBox_sl_b_1.35.0.4.exe
-
Size
85.7MB
-
Sample
241206-q3lrsazpev
-
MD5
6a91158eae5293fc435649efd565f0ad
-
SHA1
1988fdb9e28454f3fbc63e01f24475516924e735
-
SHA256
0ec7ca9a453c0fe7ac1b91dbae74a8b77e788c490b65365896d2d319128431d6
-
SHA512
8fe16d57cf354e09674d5160a363ee74748850628251d36b88069dfa41ce96e1b6d7510bf630f7106c0cd4293cbb88fd950e3add2520981b6cc0f0bffd0aedc4
-
SSDEEP
1572864:UytVxQY8XDSbjByvcK//fz2+f6feJF7+DGAndY8KXkX3w4Y1X8iwGrZd0Zr75Nuw:UytXQebjYcg/fiUTAngkXyB8ixvwu
Malware Config
Targets
-
-
Target
TeraBox_sl_b_1.35.0.4.exe
-
Size
85.7MB
-
MD5
6a91158eae5293fc435649efd565f0ad
-
SHA1
1988fdb9e28454f3fbc63e01f24475516924e735
-
SHA256
0ec7ca9a453c0fe7ac1b91dbae74a8b77e788c490b65365896d2d319128431d6
-
SHA512
8fe16d57cf354e09674d5160a363ee74748850628251d36b88069dfa41ce96e1b6d7510bf630f7106c0cd4293cbb88fd950e3add2520981b6cc0f0bffd0aedc4
-
SSDEEP
1572864:UytVxQY8XDSbjByvcK//fz2+f6feJF7+DGAndY8KXkX3w4Y1X8iwGrZd0Zr75Nuw:UytXQebjYcg/fiUTAngkXyB8ixvwu
Score10/10-
Zloader family
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
api-ms-win-crt-filesystem-l1-1-0.dll
-
Size
13KB
-
MD5
4ec243792d382305db59dc78b72d0a1e
-
SHA1
63b7285646c72ee640d34cdc200bfc5863db3563
-
SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756
-
SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b
-
SSDEEP
192:b7q6nWlC0i5C5WOhWWT71ojDBQABJHTTKJqnajLQvTP+8jIrF7:/q6nWm5C5WOhWXDBRJHTGJlvQyUIrF7
Score3/10 -
-
-
Target
api-ms-win-crt-heap-l1-1-0.dll
-
Size
12KB
-
MD5
a51cfb8cf618571215eeba7095733b25
-
SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558
-
SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1
-
SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535
-
SSDEEP
192:8Y17aFBRkWOhWXLT71ojDBQABJz5qqnajxcRGlPHisg:9RWOhWXYDBRJ9qll7PHip
Score3/10 -
-
-
Target
api-ms-win-crt-locale-l1-1-0.dll
-
Size
11KB
-
MD5
8d097aa5bec8bdb5df8f39e0db30397c
-
SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158
-
SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d
-
SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc
-
SSDEEP
192:iWOhW6UT71ojDBQABJmRqnajsl/cqt0AEV1:iWOhWQDBRJmRlPqubV1
Score3/10 -
-
-
Target
api-ms-win-crt-math-l1-1-0.dll
-
Size
21KB
-
MD5
ab87bdae2f62e32a533f89cd362d081c
-
SHA1
40311859dd042a7e392877364568aad892792ba9
-
SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978
-
SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444
-
SSDEEP
384:n47isbM4Oe5grykfIgTmLOWOhWB9DBRJelXBtpObE:41Mq5grxfIn+c91PkKE
Score3/10 -
-
-
Target
api-ms-win-crt-multibyte-l1-1-0.dll
-
Size
19KB
-
MD5
169e20a74258b182d2cdc76f1ae77fc5
-
SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654
-
SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372
-
SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7
-
SSDEEP
384:iy+Kr6aLPmIHJI6/CpG3t2G3t4odXLlWOhWrDBRJ2pll7PHI:iZKrZPmIHJI6Bq1PUo
Score3/10 -
-
-
Target
api-ms-win-crt-private-l1-1-0.dll
-
Size
62KB
-
MD5
682bf6b9c07a64929a4484db51d6c13d
-
SHA1
07672ce8f08db3b1d745b71e9db3e4729c70793c
-
SHA256
bdd0cca431ee362bed4f2c1eccafb22aa8dd51d57014be8297789175e5c11f2e
-
SHA512
e4ae0fc24114a58baede8443cb9275811c12a321ac898cda89efbd07474b8e60a564c55bbd82e37f521bf46b05fc1ca876f9b33f6d4bbbaed9fe0f03c937fce1
-
SSDEEP
1536:KaYDe5c4bFAcvxXWpDid3334BkZnGPMwPn7+9:6De5c4bFAcvxXWpDid3334BkZnGPMwP2
Score3/10 -
-
-
Target
api-ms-win-crt-process-l1-1-0.dll
-
Size
12KB
-
MD5
3838dd55b0237af0fbac474abb6614cc
-
SHA1
0c47256f4a29bc3fa889b5fbe0b1f2d712acf4ed
-
SHA256
51862322ae3354f254045545b4ff64b7445bc99107b4526c3430de9ce5c60d88
-
SHA512
cca018899156601146c5c6aa747603a62d70e3dbbbbde377b06a78f3d0f2d83f11d7f3db71d239f4ad8ce2e38b92c93175d2af5af56905f87a755b8dd59b7836
-
SSDEEP
192:nRQqjd7xWOhW8T71ojDBQABJkoHqnajLQvTP+8jIrrNX:nKAWOhWRDBRJkMlvQyUIrrV
Score3/10 -
-
-
Target
api-ms-win-crt-runtime-l1-1-0.dll
-
Size
15KB
-
MD5
49363f3cf4671baa6be1abd03033542f
-
SHA1
e58902a82df86adf16f44ebdc558b92ad214a979
-
SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc
-
SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd
-
SSDEEP
192:90CjfhrpIhhf4AN5/jivWOhWXT71ojDBQABJBkQgqnajxcRGlPHei8:9b7hrKMWOhWkDBRJBEll7PHQ
Score3/10 -
-
-
Target
api-ms-win-crt-stdio-l1-1-0.dll
-
Size
17KB
-
MD5
be16965acc8b0ce3a8a7c42d09329577
-
SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e
-
SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21
-
SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf
-
SSDEEP
192:5FbNpuWYFxEpahvWOhWQT71ojDBQABJ/EXqnajL1dHx3tKCJAfg7:LUFVhvWOhWVDBRJclXBtpOfm
Score3/10 -
-
-
Target
api-ms-win-crt-string-l1-1-0.dll
-
Size
17KB
-
MD5
3eae6d370f2623b37ec39c521d1f1461
-
SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991
-
SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b
-
SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85
-
SSDEEP
384:2iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGl7WOhW0DBRJglI66YeOtOk:26S5yguNvZ5VQgx3SbwA71IkFid1P56x
Score3/10 -
-
-
Target
api-ms-win-crt-time-l1-1-0.dll
-
Size
13KB
-
MD5
a440776e10098f3a8ef1c5eaca72958e
-
SHA1
7b8662714f6e44fb29a4224a038e4127964003e9
-
SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316
-
SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df
-
SSDEEP
192:uamDOWOhWKT71ojDBQABJUBXqnajL1dHx3tKCJAH:l/WOhWLDBRJUtlXBtpOH
Score3/10 -
-
-
Target
api-ms-win-crt-utility-l1-1-0.dll
-
Size
11KB
-
MD5
a0a883e26be6800508162e2a898148d9
-
SHA1
4f79892e7766cb7831211864978575598c86a11b
-
SHA256
9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90
-
SHA512
70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3
-
SSDEEP
192:jfHQduLWOhWnT71ojDBQABJcGqnajMHxxBNT06YeOh0:jf9WOhW0DBRJcGlI66YeOi
Score3/10 -
-
-
Target
cefbrowser.dll
-
Size
416KB
-
MD5
c5775324a9faba7ebba62b8fb78c7068
-
SHA1
6f7b2f877d139a227c182fff0f593b2080e56f5d
-
SHA256
4c1c32aa50caa2b7d064c0efc988280f7e8aa2a5ce52dc0e6548247cbfbb6c40
-
SHA512
620e359048a1850d64203392ccf492ff56d74786e2a799e20a0423b368825d254d1f4cbe6b6f2b4ef14de806ba7d794f74403ae8f1b7ff3d5b7312df1574b8da
-
SSDEEP
12288:qWZcsVRNXUKNurhHQ1rLwt4w3hgpCCckCbnAckzHKL7:MsVdurhHQ14t4w3WpCClCbnAckOL7
Score3/10 -
-
-
Target
chrome_elf.dll
-
Size
846KB
-
MD5
f8197ee11a4c7c43d3a069900d490dbb
-
SHA1
65d5421e21c66881e98f4f34d9a3ff5f8a987857
-
SHA256
1da7533650c09734dec409d9510300d0995df75c84dd0c6fe70b7eeebec30fef
-
SHA512
9ff9b567b5f963e7ed0ab7854f13aa5e30dee3187dfd2b44442bde94e915bf7525e5fcb8d615dbced58d09d2e75cd6fa4933e0300b33ae18a1d9b5910ba996ed
-
SSDEEP
24576:mUNvTY1kuFGfF4uENU+C6LQ9TdrZkVaTAjvo77:/YDofYNUCVasjvw
Score3/10 -
-
-
Target
concrt140.dll
-
Size
237KB
-
MD5
abdef5f24d965beb17acc7948b4bebfd
-
SHA1
d671e6fe9fb1b9a675f3ea50a15d5318e7af0978
-
SHA256
4e822f847073f81c781be433eff6c68db616efad49cee50a5e19997fb46a9da0
-
SHA512
fde514a3bda56ffcfeaaaa7ddf6a4c89130d5f52936c82e9d8c5d771cbc228e387d0845300be98d7f40d4ca3b06c8a783411ddc0c1e258e10745a50d0fe1115e
-
SSDEEP
6144:YVtg4bkcTc3uYSw5ejegvGw9xEPOL8an39bkH1r12z/WK3b+B:YI4xL+wsQ8anK1AzrG
Score3/10 -
-
-
Target
d3dcompiler_47.dll
-
Size
3.5MB
-
MD5
9b58feb4a769e22652f6e956bdafafcf
-
SHA1
ce16031770509c31733bc5509dd65d0465737505
-
SHA256
11a8be57e24ad81ff288401c0429360da1b70e811f25296e29739b84899cb32e
-
SHA512
d574eabf99208ff968a170bfb9c8924305eda33bdba850cc75245b9277590622eb0b75e463d58c472d91859af041afaf4db5c820a17b89fa192a08011d294904
-
SSDEEP
49152:xjmJAksRXmBNgC9ITPPE8WHmy0HRZ+kyOzDJn5c5v5H3pqC23u6q+25omPEyXzjy:xy2Ckrj+kyOv2MJ+6q8kbqS/A
Score3/10 -
-
-
Target
kernel.dll
-
Size
7.5MB
-
MD5
3addcb27ffbfeecf0cf1f4980e0b0baf
-
SHA1
dde794a1bb1fba39d30334b0abce6010092c5d27
-
SHA256
15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a
-
SHA512
3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b
-
SSDEEP
196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr
Score3/10 -
-
-
Target
kernelUpdate.exe
-
Size
2.4MB
-
MD5
27d529b1f2b33d8d588b18e8e62dac5b
-
SHA1
70da44e6d65c33ff1401e3249a632508310e9c5a
-
SHA256
2a9fa5451621428e8d405d72d948a4ec67f0173bed4ab5d271a3ffb64d4f2a92
-
SHA512
113d7dbb16d9a4e049182752f0f52676aed603e772d5c3623caa9229f17900fd2d18ce2bfb9f77f577780c83a1d10a50e23a768b1cd6ace5948f3b0c649ad50b
-
SSDEEP
49152:CxigXzsKzHYGTK53O6ZyoXRfon0l2hH3aGMgD/umCC6DHOvJDr6aP2wTcD98sszA:Cx1sSYh3O68odDm6o4
Score3/10 -
-
-
Target
libEGL.dll
-
Size
339KB
-
MD5
529ba49553865da225a51e5b379d2bc6
-
SHA1
9cf033a72f705f14ac2a34e97915fcb24eaae3ae
-
SHA256
353f1f31c5daa230ea413e562b87fa5ba756e7190082a72ee3ddf75701d14e45
-
SHA512
f23fec4dab58c2468a3ca986422f29e1bdca9a72df94f9c94d1f97758bad0136557534bb9e9fa7d22c76a2355709505cda47ba78f71f0922bcc355eaecd9db54
-
SSDEEP
6144:ttEh7IlyUXhM3FLzcHGQcmZGyYGRSkvY3fzJnwSwbFPWjZGaBcPNvSz7:tm+lyGcmIyYGpvY3fzCaZlcs7
Score3/10 -
-
-
Target
libGLESv2.dll
-
Size
5.2MB
-
MD5
69cb9035012b445752f366fdbcdc1330
-
SHA1
17e15f77b6b51d3a8ba0d8ef4c44f74952ac4000
-
SHA256
42b4d924e94fca04094f7b9fe318a726c33001e7d4dc4313e3655f68ee714023
-
SHA512
dde200611d8fa2bd99b128854258ef371723d1854396d8b6fb8b976c77643b17d1fa07da72ea68695c04e5babd6fb38baa8ad8abd6fb452855b9156c5de6cb98
-
SSDEEP
98304:WyHvU6gTY6Y9zIreEkjvTDIEsBwBdu/mCVUYh2dOQu2pfMpZw3:WyHF8hYZIrepIEsQkWYh2dlp
Score3/10 -
-
-
Target
libcef.dll
-
Size
113.1MB
-
MD5
e3e890f90e2b1285bf1f5ca698e1d39e
-
SHA1
26ec530bc4a14940bb1c0f2525d27c12a319fa6f
-
SHA256
6eabdbcc9e644b5cc0a79b1d3e3fba205fef35346a733c35a8f33ad677a72f9d
-
SHA512
400f9d2fe50d4b87e53b62ddfbc6339fdad0958bcedac94c5a4bb6b0537700520147df8fb238a563e57761e7d5fe588c9ebfa6739c04eb26c7a5d90e80817a2c
-
SSDEEP
1572864:AJDYtDe6+JOlgEQNTHCPYmf7W5v8051LgovRUHb8tHjv50Ap16SzOVgRnU:AlYHoTiPsxHB3yX
Score3/10 -
-
-
Target
minosagent.dll
-
Size
2.9MB
-
MD5
216a2dd23f95bdd63cd88a50eb7e69bd
-
SHA1
9c63635c26e276179f8dba9e02079bb3170b0321
-
SHA256
63da24020a82333c79806f3f8aa92fb9103f20b0b90ab095ee52601f6b154ada
-
SHA512
390ff16e8b0c07c1bda03584096404bdd22d69a0eb39a76fc6155c81584e1a7737f8f9d359a7be8e861bcfb02ced46950a8ef6c20a896774647086c21ee7edf0
-
SSDEEP
49152:XgWzAviqiTcfvRZpfWJR4S7PqDOzC0TsEF+W:XzyiQHtS4S7cOd
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1