zloader | a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4 | Triage

Sharing

General

Target

Battly-Launcher-Windows.exe
Size

183.1MB
Sample

240702-2ewsmaxcrr
MD5

777dae8f41c5c9ba97b798fcd52612de
SHA1

03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
SHA256

a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
SHA512

792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
SSDEEP

3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl

Score

10^/10

zloader execution

Malware Config

Targets

- Target
  
  Battly-Launcher-Windows.exe
- Size
  
  183.1MB
- MD5
  
  777dae8f41c5c9ba97b798fcd52612de
- SHA1
  
  03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
- SHA256
  
  a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
- SHA512
  
  792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
- SSDEEP
  
  3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  resources/app/node_modules/adm-zip/adm-zip.js
- Size
  
  30KB
- MD5
  
  9b6da3cd4a4ce0963e80d0e6dc1a11f1
- SHA1
  
  fce6550c2231f60425661f2f7db99efff491cdff
- SHA256
  
  cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929
- SHA512
  
  38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba
- SSDEEP
  
  384:T4XzvHf944AOOLlPHWuFz5AjHxLPVzVbAB1kfVeHW3W5SqdCLFWYi82et/2Ktvbe:UzvF4DPHzFn11IqdCpoFaU
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  resources/app/node_modules/adm-zip/headers/entryHeader.js
- Size
  
  11KB
- MD5
  
  db0294dd88cf4922e3cbb5e45d087287
- SHA1
  
  f46ea2a1a7e9cb0c6c25fc436743b78d95da1841
- SHA256
  
  d3ca0adfd642be6287daf5a7cc8d3959332f31ba52b6ef1a53e4520bf4175f3f
- SHA512
  
  2f77a248db215a4d7287dfe7227adc1bbd4239d31731a743994dd4a4e4f0aa061dacb3fc9d79f22364d3771ac3b36d41dca5788b34892c94f8cb8d2d95a6b661
- SSDEEP
  
  192:ybVz3fxOy27Ad1mMcyfPrzq638jfhDq5YoYfXSlAHhDQf:y5fxOv7VMcyfPXqm8jfhD+
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  resources/app/node_modules/adm-zip/headers/index.js
- Size
  
  94B
- MD5
  
  64bc889b89f1c8a04a698a8f74e24e5b
- SHA1
  
  68781da04cf1ebc4f03434ea5b2b65f10cca07e6
- SHA256
  
  536e4b5bf009a3d9f6eccfbbc4157cb6de663d889e0826ea5f6e5fa17aaeb8bf
- SHA512
  
  9eb207fa61862aebd9cc5a89f85757313c7f163ea0f5a15c16250f79845b9caa1d8109bc3e634a9ed3fb0616c71aed3005ace48eff0941518c778c3063613975
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  resources/app/node_modules/adm-zip/headers/mainHeader.js
- Size
  
  4KB
- MD5
  
  1d35f59aece6922da87e6183e7f8379b
- SHA1
  
  b772c6b2285d6f7c099bfd7ace005e730bd12c78
- SHA256
  
  3269b558fd8990df8ae1f500268e0512854c04bffefcaa0e584360de1809b84a
- SHA512
  
  3cb59c8fb586a89936ad4fbd4d29c54cfe8e0ae9abcc4ff70ef03a3cdbefff9b4a5d91658da79e6746ab01af9cfc57dd908b8e478ee4aee5848e0252a1f68603
- SSDEEP
  
  96:riWDe6p2ciGztwfWH7gNJzaI2mhUJfPok1:rFDe6pPyEp1
Score

8^/10

execution
- Downloads MZ/PE file
behavioral10 behavioral9
- Target
  
  resources/app/node_modules/adm-zip/methods/deflater.js
- Size
  
  1021B
- MD5
  
  41fd6791497f7d74ee56a7753e08da66
- SHA1
  
  bd62d07bfe703da89172fcfeaa8848d6ba5c68b4
- SHA256
  
  6dc41b2460594cfa5136b797653c166b2f7403820a40f2fca17cca35a5de1b5f
- SHA512
  
  5f16aeb477321470986a8c9807ebf3b75e979e5fb34156028ef56f44f38c4f4d72d9d086784e9dfedeffa61f91f973b6ac7e7ba1730eebd86bb549de2dbb4761
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/app/node_modules/adm-zip/methods/index.js
- Size
  
  128B
- MD5
  
  74d54dda1e050cad9b31da325f92fb01
- SHA1
  
  683b0412f3bdb3ae54cd809e37f456dade4d046a
- SHA256
  
  d67714f1a04be942f90be77069af3ff4214aa8ee84b26edeff3a87eb0d8e2dc0
- SHA512
  
  88ff974e69207c427ce1c9161489a275c4328ba392da65b268614fd5c66ef9feb10dafe1464dcc5873221de61bdb045dcf47092760c973ec06825158978df3e6
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app/node_modules/adm-zip/methods/inflater.js
- Size
  
  936B
- MD5
  
  ddf58fccf9d270a32d6fe17fe86a26f9
- SHA1
  
  c720d51c923aa71bce2a27a3d081af09de0e2a67
- SHA256
  
  ac2c664bd94fe9daee76174aa00d149d60bbbe6ae5d5865b14bd76e9b7d2d612
- SHA512
  
  bc5914af2950f7e87b0071d54f885b7ef494cee1f036e9fe2e31365506ab78a6327dd25d2c565c09b0ecd465ddc79bb8fc5ff7b6c3a9b15a4d4f044fe816d610
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/node_modules/adm-zip/methods/zipcrypto.js
- Size
  
  5KB
- MD5
  
  84d22177957b42a5f8cef39e729bcaef
- SHA1
  
  6a6dea4aab4c6c8b1b4b19a246f01b03cb114711
- SHA256
  
  2b76c14cac47da833e1bdf690faf68acc0f5ceb645605df876f42e67801d2f1c
- SHA512
  
  a94de7eb1aac18bba8854041a8d9a2f035dacc338e007462d891c6557f68c7a6d179d82078f0bddc047e29766f961e7c83c5a278a08e8b3b72917f61625320e0
- SSDEEP
  
  96:kRFxIiQ1K80cAAbZPxijV/7jRcDG2+2Ihpq68rMyA+GBBEF/yJ/rshl2kJGWvLoC:kOiQ1fUAbZ0jxdz2+thJ8FoDJ/g+K1EC
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app/node_modules/adm-zip/util/constants.js
- Size
  
  6KB
- MD5
  
  9557c90a448baec12cf2cb2f97e2c5a2
- SHA1
  
  19ece17c4aed05723601ec510ad2020fb462cf52
- SHA256
  
  208e943a2e5faad056047f3c7991cce3cde637d8e272a564f2546210ebdf2069
- SHA512
  
  433a683e049a8d2fa321e9cf6932c2f5075c83f1713a9d0514956310174ef2959d0c8378a039d27d0a34f321262f6cf7eee40066ca54da1b57c5483b6d00f089
- SSDEEP
  
  96:Dtbl0W6xP0XM0gly+ESo5Etdt0f2cnHBE8WdQx8Z5h+IrrOnQTUlZmsA:DxyWCsXM06I/uSjG8WdQx8Z5h7rrO72
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/node_modules/adm-zip/util/errors.js
- Size
  
  1KB
- MD5
  
  ac3d2bb07fc89b31183b6786ce467fb3
- SHA1
  
  61964b0caf0c374fb311fbc914e7adfee6911f0f
- SHA256
  
  56ee85e2b90ec4a41df0813c4e7e08f617da69a82663149a8f9cc110deff43ea
- SHA512
  
  1ae94c25cc424f1a4ba7cbe7b08d9809022ac96d4f7ea0f98b10cf4e3bec913793957da17bb811c41153724d0da4f7f8c2850b0140fc4ba74ed553fc25695cd0
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/node_modules/adm-zip/util/fattr.js
- Size
  
  1KB
- MD5
  
  943088ca25b0e25de119778524c8d91c
- SHA1
  
  6cbf8576406db664ea30c0ce8085cc590a248202
- SHA256
  
  cecf4e89cd49c408dacf19894756926cb73bae801f4f44e66011826230ef1975
- SHA512
  
  9892ad5a63788aa2e2a50927990caf7371b3432cf0a7633d6dba3d6f861d1e59eb8a43f6b5ad7127c16cdf153ad0aef1f9163d2c59af9058f427cb55c70662b0
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/node_modules/adm-zip/util/fileSystem.js
- Size
  
  353B
- MD5
  
  85d7973afdda48fd2333b486d4b4afaf
- SHA1
  
  dd0ab76f06f12996cdb07bc8613d7f56aed7f0ac
- SHA256
  
  c0e0fdf6ca6d8dd98041adc6d8674f6bb02b94145abc98f08f24f1d0e4a8b5ad
- SHA512
  
  ea038e326f763da409672e4e1d87170220aa8c1fab1144a3d5f62d1a5db44f2be2c456a08ca4d1c3f776f9c5020e9573b6b146a28a74c329dd51daa961d6cbfe
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app/node_modules/adm-zip/util/index.js
- Size
  
  179B
- MD5
  
  6eadaab125a2caf89f2e762259d16df4
- SHA1
  
  680d2665f43dd5074b5eb34d7a22f337d39659dc
- SHA256
  
  a231e422e9f88464dbaf2ca91c0b7acd141f84e475de7847538d3f53890fd274
- SHA512
  
  feb0b65be5cf28c68fcd414a4ba0d659e9298a3a029c1ddef0b5f0d4ac77a355ddb6592aa9c3808b6f40266232c244456a28d49f24700941c6505adc81086eb8
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app/node_modules/adm-zip/util/utils.js
- Size
  
  7KB
- MD5
  
  b7a147df232c33b9733089d358e8919f
- SHA1
  
  62f476f4fd0f58d0f6affedadc39da4eed9622e0
- SHA256
  
  476362e756eeab1eb18548732f27ed8786cea36d6c33aa27d75a74fb70b4a2e0
- SHA512
  
  e0c2641d2b2626c145fd829d48c2154431179011946898714aca55be10209c816649ae79cf0fdadf76933079c28114b2c9000ebcd557a5e324448561cbd62b72
- SSDEEP
  
  192:giQAJ3zMRGhO3l3a2iCjgqiuA7cHBrQrlMh6n2d+MYKI6j8Ok86+IEiQkGyTh9d:bz2wSqrl7kZIlj23Yak87Ih7Thn
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app/node_modules/adm-zip/zipEntry.js
- Size
  
  11KB
- MD5
  
  c553c1da54ed2015dea9f514d4dfbd42
- SHA1
  
  fc47ac41e724cac3f6deab99730276fb7e4b76a0
- SHA256
  
  699358b454fd68983c363f2df22ada2fac0ad3ebfc4890f80efe7e49461f8c78
- SHA512
  
  808c6912f5dcd11afe4f130dbadc28911fa5402eb60cf2e2df66fd82c80a74772a9527cb731d4b16ea67abf6255e8f5a28e81955bfc78af90f5e6df98cce8dd4
- SSDEEP
  
  192:SCNPhBeY942jhUHaD8QIyrjHqgshbokySgyuqyDYyyyn32S2WsYlr98bvxrgLxOB:SKBeMJjXQQdq9EYUfp2SpsGr9WNgtI
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32