zloader | 9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d | Triage

Resubmissions

01/08/2024, 00:29 UTC

240801-atd3ks1gnl 10

01/08/2024, 00:19 UTC

240801-ammq5s1ekn 10

Sharing

General

Target

Battly-Launcher-Windows.exe
Size

112.1MB
Sample

240801-ammq5s1ekn
MD5

03696da629e834c395f699847326448a
SHA1

3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6
SHA256

9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d
SHA512

fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b
SSDEEP

3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

Score

10^/10

zloader discovery execution

Malware Config

Targets

- Target
  
  Battly-Launcher-Windows.exe
- Size
  
  112.1MB
- MD5
  
  03696da629e834c395f699847326448a
- SHA1
  
  3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6
- SHA256
  
  9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d
- SHA512
  
  fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b
- SSDEEP
  
  3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  resources/app/node_modules/color-convert/route.js
- Size
  
  2KB
- MD5
  
  ff30f2b9f4a3761be9d12787f059f625
- SHA1
  
  01005d1f2b540c4df7e02fb7ac06c60ba3bae371
- SHA256
  
  5f1420af4a106eaa68ed7b4bb5e46f47e0f251169e38841ec8262447e4691b5d
- SHA512
  
  141f74f51ee662fc5a263e0cb193c47c8eb66201a27dd1a146d253efb413684c7107e3910a02167de8c649693929fe1781f79a6783d6115e2ca17b7adef9c594
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  resources/app/node_modules/color-name/index.js
- Size
  
  4KB
- MD5
  
  405840ec3052209f357288fe4c0f4414
- SHA1
  
  db20105dc898fa8aa6706492502431c680c0dc94
- SHA256
  
  97dabd7ebb70c33c19ccfa6956377fc722d9769924903f42a3bede30d83a8592
- SHA512
  
  9de93ee7b458a9d6b97664022909ad25a7cb89c2cfdd8ee19aa2e126566b7a7a930b24143a2a76f83dbff19f1a67b0a71de93e8ab248720c2ee243396e869451
- SSDEEP
  
  48:2UjYDSI/sGH0LU2pkptyuoD+5Q1gEeHScW1wsb8RkMq+txMtuWJaf+DUC5xVO:Z8DSdGepkpguogQKmqstuWJafYU
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  resources/app/node_modules/concat-map/README.markdown
- Size
  
  1KB
- MD5
  
  3de808d1c878e1d12f12c8d849710db2
- SHA1
  
  132e6e8fd1d19ec2422fdcde00840d8237e44094
- SHA256
  
  2bc76dd6de6869fb5335e04c066edd5ab9d99a2cf7958a25e3c7c8c48768b5b4
- SHA512
  
  c707b42c02d0fa2aab9a32835095fc15a2561c2d2fce85a11620b9977971cd045bfb47c222f62d21b0d20676ffee69c380f007a484b52d3de1b9c1b22f73c167
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  resources/app/node_modules/concat-map/index.js
- Size
  
  345B
- MD5
  
  8ef754ba23fdd37b3e8a1c52739ace80
- SHA1
  
  a3063f014cc693b320dbd64de3243a79247c1e05
- SHA256
  
  091b65d778337599d0140b35d53c038603d1732d27c33bfe39e03871a96926b2
- SHA512
  
  cec77060f95cd26aa28951db84745d405ce8a8f45761d2af11dc602eb75578fddb3e0d7f45e12d1750a45adaec8452b648021773488dc8f49235fc75b819a5b2
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  resources/app/node_modules/ejs-electron/index.js
- Size
  
  4KB
- MD5
  
  d441fba9399d196f943308f66d215d95
- SHA1
  
  76557f8a00782c3503b62784098b7832256c136b
- SHA256
  
  4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b
- SHA512
  
  7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f
- SSDEEP
  
  96:Px5TgcV51Bi0BT/ddv6KEAHTD9MJ4ZVM2:PjrVfjPdPpk4Z1
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/app/node_modules/ejs-electron/node_modules/mime/Mime.js
- Size
  
  2KB
- MD5
  
  5a77829e31fd521878c9484a90ff107a
- SHA1
  
  73efaff8e2e9adb871396c15c076dbf28757949a
- SHA256
  
  9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9
- SHA512
  
  dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app/node_modules/ejs-electron/node_modules/mime/index.js
- Size
  
  127B
- MD5
  
  f18d3eb05bbc4d65415ee72c4b5d4dff
- SHA1
  
  e2d3efd8917c4ff9cbe668474891269d3fedcb37
- SHA256
  
  7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9
- SHA512
  
  65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/node_modules/minimatch/minimatch.js
- Size
  
  25KB
- MD5
  
  43855baa9189d8dd645c44afc4132ec1
- SHA1
  
  f21a6b3c6d1d71bb65e4e6e0af1bf1baba3a207e
- SHA256
  
  ebae64a212004e293fd7b536f33a2ca830452f71377f4b51fa0a0e9885ee6a93
- SHA512
  
  b67a9875c4c70c765c00e24d02ee807c22099c66ce1ce41ffca4f47d53deaae0c2c9a39e19eaa42a94c31b937888681f945da3704f3e6e1a3e0711bda00ad77f
- SSDEEP
  
  384:Dxc8r7MvghVE1WtnxTEVLctXtbzdE281rY2qUkrwVzB9Xo6NHikm5PTt0VOKtEVH:lc8/vCWtnFoLc9tblNfWtEVSbsYm
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app/node_modules/protocol/benchmark/benchmark.js
- Size
  
  4KB
- MD5
  
  aed52dfc6ee45583ee47274cbf80b6cc
- SHA1
  
  043ea2811d13b41cb7c230ec66d2a667de296cb3
- SHA256
  
  42091e950dea3a76bd810950f8f97dd6fad8da62101e8130834ecd0917d4b3c1
- SHA512
  
  cddeefe21289bd95b7c404f3625527558d247e4c476d757022918b52bac7490af6e1ef5b0a5f18498240f93edbc1d9487fd1d632ac043acdeb9781e19e7ccadc
- SSDEEP
  
  96:Jg/TgQH3o07o+FNVh3+S++bzGYXUt+8vj8uPVGZagVy5sy5uj0H0Wjw6:JLQH3HFNVhuSTbzGYkw8vj8u8am0H0Ox
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/node_modules/protocol/benchmark/input.js
- Size
  
  2KB
- MD5
  
  785edd8cc7a89e1f0ba909e7cbe94c75
- SHA1
  
  c3950f31737fdfab65d8a0808fd04792c5b6aad8
- SHA256
  
  f3b7561e39120dd693a57ec041d03725382428eefd7e44a073d3706b427d87bd
- SHA512
  
  3b0e64549c54b1b84c5607a67395a92d0a2a84501adfa7094bb90eec079f7060837c2ef23c71960ef3ef22f182b5838c48a1fbd6a471998eaae213b4f814a9aa
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/node_modules/protocol/benchmark/protocol.js
- Size
  
  1KB
- MD5
  
  4d8b4b39a39e5e1a71cf9c1fd47709a6
- SHA1
  
  8157ed84ad3f1acbf25a47e5a5062613dc5015fd
- SHA256
  
  4536a65cfaa548aadb18d5eae8df1fc601446c6938a1f2742e9e1e9a238ff7fa
- SHA512
  
  9f53903d1baa64339e75700b99c28a8616517005c139dc088d1b4a5e38b242881bdc8b2ffd4866b2655c714fed9d3662ae94a201a47e0f2375ea66c3cf2eaa91
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/node_modules/protocol/lib/flatten.js
- Size
  
  1KB
- MD5
  
  d367349071b4ae45b07eb1a58bd7f1b4
- SHA1
  
  3023548890b8c2f3fc56578953ac35f7a455af6e
- SHA256
  
  ad7e89663b817c86960bbcd61ff8b235bd6cfc4e25b1802cebefa73551d258cf
- SHA512
  
  4458345a4bd8031edb9f232bec17090db3690f0ca33f93219bd0a6c8d73c18bd68568d0b784bd18fd4e3286eba3c91d3bd0cac19c42f8b3f4020ffaba76b43d0
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app/node_modules/protocol/lib/flattenSchema.js
- Size
  
  2KB
- MD5
  
  5f4f1b166ebb578045282e5feeb975a8
- SHA1
  
  ea39b5aff8dd83774f73329229f0730a865742f8
- SHA256
  
  d8c40b4e3f079d5f6f096d6bcd89da0fbbc2b0e877abe4048998fc8f68140f23
- SHA512
  
  370bf23237141ff61608893771a7de8d5b9e223b143c2a4103d7ec3ee00ea5b230d231eb9af3fd867357a7387d02781df76ec0c76ec45dfa0651947f6f10f3cb
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app/node_modules/protocol/lib/generate.js
- Size
  
  4KB
- MD5
  
  bf5c409a2747f75a99dc1e4b0b8357ba
- SHA1
  
  4f2c2e97d6c6428bdc4a088d3ad008636d3fdaee
- SHA256
  
  24cf5c56cd623937ccda186290c2fbb4453331a9c39b0b03f079442e00f47643
- SHA512
  
  59a795784201f0a8fc346be681f0b544ab94947b4225dd355c70c2b8df112e59ff9063f55d9ab2c2b6aac3f9a375b4889e6cd8b1606b4f98f26e8a53d823095e
- SSDEEP
  
  48:J+bs5JslcE3QQHFs5DST93oVFJV8PHsNUbVrkAvEZGbdNRR0KJRwZt+6np3aGbDc:Jg/TgQH3ooP5hLvEmeERLOlr/npVNGn
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app/node_modules/protocol/lib/index.js
- Size
  
  1KB
- MD5
  
  06f500160ac7a72c194f9e56feb1944d
- SHA1
  
  958041371c692d00d62d84b83464f85e77a1ab0a
- SHA256
  
  b18be9ba6637b8a8265fb12bde098f8ab79c9424e3b7a985f5f426214dd696da
- SHA512
  
  2f506488ffba16b90ab630cc36227c7809e519f432f11417ad23a19b4ed58dd9b1b097f0d343fd2696ebda1e92fc90e9316e3537a6d7b442684a78edcdbdd824
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32