zloader | a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4 | Triage

Sharing

General

Target

Battly-Launcher-Windows.exe
Size

183.1MB
Sample

240626-bg2tjsxgrk
MD5

777dae8f41c5c9ba97b798fcd52612de
SHA1

03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
SHA256

a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
SHA512

792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
SSDEEP

3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl

Score

10^/10

zloader execution

Malware Config

Targets

- Target
  
  Battly-Launcher-Windows.exe
- Size
  
  183.1MB
- MD5
  
  777dae8f41c5c9ba97b798fcd52612de
- SHA1
  
  03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
- SHA256
  
  a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
- SHA512
  
  792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
- SSDEEP
  
  3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  resources/app/src/assets/js/index-es.js
- Size
  
  33KB
- MD5
  
  ca5f26a1bca7d0379bc07aa2196b9ae1
- SHA1
  
  384fd58e544cdc1d246e0b5077ebc1fc8e77800e
- SHA256
  
  7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9
- SHA512
  
  ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35
- SSDEEP
  
  768:HB1s6znYq6sWDnYUqsAffnYnZH54UiD6YSj75zHVPEt:HLs6znYq6sWDnYUqsAffnYnZHFxX5BPy
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  resources/app/src/assets/js/index-fr.js
- Size
  
  33KB
- MD5
  
  ca5f26a1bca7d0379bc07aa2196b9ae1
- SHA1
  
  384fd58e544cdc1d246e0b5077ebc1fc8e77800e
- SHA256
  
  7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9
- SHA512
  
  ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35
- SSDEEP
  
  768:HB1s6znYq6sWDnYUqsAffnYnZH54UiD6YSj75zHVPEt:HLs6znYq6sWDnYUqsAffnYnZHFxX5BPy
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  resources/app/src/assets/js/index-it.js
- Size
  
  33KB
- MD5
  
  ca5f26a1bca7d0379bc07aa2196b9ae1
- SHA1
  
  384fd58e544cdc1d246e0b5077ebc1fc8e77800e
- SHA256
  
  7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9
- SHA512
  
  ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35
- SSDEEP
  
  768:HB1s6znYq6sWDnYUqsAffnYnZH54UiD6YSj75zHVPEt:HLs6znYq6sWDnYUqsAffnYnZHFxX5BPy
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  resources/app/src/assets/js/index-pt.js
- Size
  
  33KB
- MD5
  
  ca5f26a1bca7d0379bc07aa2196b9ae1
- SHA1
  
  384fd58e544cdc1d246e0b5077ebc1fc8e77800e
- SHA256
  
  7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9
- SHA512
  
  ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35
- SSDEEP
  
  768:HB1s6znYq6sWDnYUqsAffnYnZH54UiD6YSj75zHVPEt:HLs6znYq6sWDnYUqsAffnYnZHFxX5BPy
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  resources/app/src/assets/js/index.js
- Size
  
  3KB
- MD5
  
  a43acb5bbde4eec35fa3992eca3a0fe5
- SHA1
  
  5df08727880475be34beabb49c80d04a1638ab07
- SHA256
  
  3c53963dae15a539bf383875155233cc4c1a069e5ba7c13937699c992b8a2701
- SHA512
  
  588412abff1307a4733bc5b0795ad1098791898e2329955a5db551bf51ad754382f16a0a6dd57717f135b0e9c334e4cc8b678353302d4960137462b24a919350
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/app/src/assets/js/langs/de.js
- Size
  
  2KB
- MD5
  
  7e92d2cad7c8fbc818773cd36fbd3c1d
- SHA1
  
  befce8d4b6c9a70aab397b21bcb6126aebd04014
- SHA256
  
  d3c464adc6d797c99d327ca99a44e8f0c09c27f17697b46ef5e18827447e8a00
- SHA512
  
  a19940ee4bc94428bb6dc4150c5aa33a48e43cddb5ce8390f0c5d307dc17e6099f8d9f2f6910ab2f49e283c88f469f6de595a45a18858145d8e351ec73d56cc5
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app/src/assets/js/langs/en.js
- Size
  
  2KB
- MD5
  
  fabd52d878afce034dcadd66d3eb4f89
- SHA1
  
  6c6fb98e987ae270c645ff8c0fa92d1d8335cc35
- SHA256
  
  0b13760ed920334039a7101c261b459afaba6cf54ce38141a0ca01240bd6c2a3
- SHA512
  
  cb92ea868e9579bd0d96c240567df0ed056b8901c415bf84fca23f7e2fe88f2e7727a1ef2592ccf0f81ad53fbdc1bb8db91cb5ea9062c0feff6da3e950bcdc0b
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/src/assets/js/langs/es.js
- Size
  
  2KB
- MD5
  
  6e6fdf68120d784a17b10a8e1d87c2d8
- SHA1
  
  e6ef1aada60b098a9cbd60028a64a5f5aacf3407
- SHA256
  
  0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531
- SHA512
  
  be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app/src/assets/js/langs/fr.js
- Size
  
  2KB
- MD5
  
  a35d19500b06754a3308ddb92c262511
- SHA1
  
  e449a9695a57b08391885cc5d91c567e49c99abc
- SHA256
  
  1c235fffe490afb6c0a7d0430fa9a25bfb5758eb35a538302c9157e7ba534896
- SHA512
  
  d1771f415ca5d57ab3b206d0cd3407ae34f7fe02c153a58b705752fa97600993a722edb6e4a90ac68e293c9f35b2479aaae901c2bf2641a9c2fd5e3fe98c764d
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/src/assets/js/langs/it.js
- Size
  
  2KB
- MD5
  
  cfb1c019bf8ce6a54fecac85fe977c21
- SHA1
  
  58ca965580e469268907367383a22428809a5ea2
- SHA256
  
  fb0081fb62ae85e7cb8e54ec6bd7c32c074e2bc248004482ef71f56a225d923d
- SHA512
  
  3f187905cb9e5ce62383307a655df103a403882257358be4c25d8b15a09998459b093b04c77a6e32063d9541b704409774b288df2ad8cb88d51929c00409d7fb
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/src/assets/js/langs/pt.js
- Size
  
  2KB
- MD5
  
  4725585d5f554ae09bcb1a5cbdfaadcd
- SHA1
  
  b33ab03f201c43b8daf3c7b3a757eaca9e7f6d18
- SHA256
  
  40adb344950d94f896d4d87837183296351fb0a59b200f1c4a61f737d3d1157b
- SHA512
  
  e0744b221f65c797a56ef00b1a776ed181e33904ffdd422653e0beb7d79313cd88fcbefa0a5714668b325d8701b00889896b87d1bffbfd7f9f7c14f985917e3c
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/src/assets/langs/de/eula.txt
- Size
  
  1KB
- MD5
  
  034c849c523857de4cf795df27805fd5
- SHA1
  
  85136cb0504cee1556adcead07eb08b62e49c7d7
- SHA256
  
  d8bd4d434263c532ba669cd886da8fd2023e5b8fd4fcbd0b9e65de381aa364d1
- SHA512
  
  6e367edd5ca43ca49a231351f2d098cc4c7d014632f20fc1886c5c483d462d32812f5f80d4c2f1fb870c5f510074aadd0d57be9bdab287a3853fe7413c3e7908
Score

1^/10
behavioral25 behavioral26
- Target
  
  resources/app/src/assets/langs/en/eula.txt
- Size
  
  1KB
- MD5
  
  3502e4d5201045a7031b73d80607f458
- SHA1
  
  fa6ee204a10bfd5a361778c399ec731f3f955df5
- SHA256
  
  9ec862c78732f33b21749048c9d6d6a17ed2c8344ba42fb06ed1ceff255dfc98
- SHA512
  
  c899f9b40931158d24a5b0a277af9cefaa4c97ebdc6a6b75701d5eeb0fbdc4a0f00146c8f7c6ed0ea1e8fcfbadc285ee57ff5bbdaea6e7ca7f67b959b4e1a06a
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/app/src/assets/langs/es/eula.txt
- Size
  
  1KB
- MD5
  
  3c09cb08016752513697717cb4524919
- SHA1
  
  4aaa2a8d3f1e759570252e0bf16b744b575fbb38
- SHA256
  
  6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c
- SHA512
  
  4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d
Score

1^/10
behavioral29 behavioral30
- Target
  
  resources/app/src/assets/langs/fr/eula.txt
- Size
  
  1KB
- MD5
  
  46bf10874c2102fa9097eb08198fbbd1
- SHA1
  
  15d1451e4d071b67ac7d1ab79ba572f85eca26b0
- SHA256
  
  40d93c0fe88b10a1b92054fe19431613ebfd629649efb9f659ae5d3f905c831b
- SHA512
  
  73962e4edfb7b4fb14533b62f55e588d6c4f38a0998e95c50cd564ed8e0b7dd2f890cbce72201f4a2684dac81a0f218950ded3a55db422ca596266279e129c8a
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32