zloader | 2d75bc310ccdfb81b7367a87d93b4539c1051512c294415ab8cd0e1b8c68792b | Triage

Sharing

General

Target

BBA Launcher.zip
Size

82.4MB
Sample

240829-djeg5ssdpp
MD5

56d52d78c54cf59f69b5a7b5b0d256f2
SHA1

311c2aa39ec40447ac23c0883ebbbd08fa532cc8
SHA256

2d75bc310ccdfb81b7367a87d93b4539c1051512c294415ab8cd0e1b8c68792b
SHA512

2bb64306c629dc603f8816ea43088020100c7c1d44abde013645bbc8c5f512586feed2018b36df544414270f729421497c37d58f6ae12fe93151e3fb69130ecf
SSDEEP

1572864:FsmzlwMppdZrGZAfGuUVYwN2/W1C1q3Bzf3D4PBZ9yWOIWxMDZC:FsmjdZ6yfR6NU/KaqxzLQ/95/DA

Score

10^/10

zloader discovery

Malware Config

Targets

- Target
  
  BBA Launcher.zip
- Size
  
  82.4MB
- MD5
  
  56d52d78c54cf59f69b5a7b5b0d256f2
- SHA1
  
  311c2aa39ec40447ac23c0883ebbbd08fa532cc8
- SHA256
  
  2d75bc310ccdfb81b7367a87d93b4539c1051512c294415ab8cd0e1b8c68792b
- SHA512
  
  2bb64306c629dc603f8816ea43088020100c7c1d44abde013645bbc8c5f512586feed2018b36df544414270f729421497c37d58f6ae12fe93151e3fb69130ecf
- SSDEEP
  
  1572864:FsmzlwMppdZrGZAfGuUVYwN2/W1C1q3Bzf3D4PBZ9yWOIWxMDZC:FsmjdZ6yfR6NU/KaqxzLQ/95/DA
Score

1^/10
behavioral1 behavioral2
- Target
  
  BBA Launcher.exe
- Size
  
  82.4MB
- MD5
  
  66f2815e2431a06df98a10cc0e959aeb
- SHA1
  
  ea1fdc54179389415574ab646fd1274d3fb069b7
- SHA256
  
  0049ff8214d96fe8a7f5dd40934dad318226ef6b7222aea2a730b7983734816a
- SHA512
  
  fc282ae7a98e87904ca71110f6f77711ec30e57e01a533654fe88055f8a90fa8d5c32d98082be8ffa793c11a81fcca5ac5d6a422b23f3d7aeb484487c62b3849
- SSDEEP
  
  1572864:fye4hJceZDtbX2LKRymNEkfWx0/sX2ZNt/dZUrNVF6EG2U/o/wU:fye4BtbGGoe9+xy82LtnGzFpn/P
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  81.9MB
- MD5
  
  f5f87e478a6f0cbf226a178a9f17efee
- SHA1
  
  e5cd8dfafa23bef04b42c803873e048bc76405cc
- SHA256
  
  b95bc9240d6e34d4421f68b0932d92b5f5186326d0a194a16b9d4d1b3acfce8f
- SHA512
  
  a4ae40162aa080b704f86b91f8c7b91eef46e66edad1302c9e75388a9e89a64983de980417f48be45ccbe00a35df3d05cd5b936cd75d5688b6e6f2b9067e0a58
- SSDEEP
  
  1572864:ye4hJceZDtbX2LKRymNEkfWx0/sX2ZNt/dZUrNVF6EG2U/o/wm:ye4BtbGGoe9+xy82LtnGzFpn/n
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  locales/vi.pak
- Size
  
  619KB
- MD5
  
  593d33203c539d027c5b5bcc13bb38c9
- SHA1
  
  2f6288bc43ddf31e49a733af97e3e9e2fb8a2940
- SHA256
  
  d435c4c7154c24982185842a09cacd343cea77a5eb7fb859c4d38973cf240a42
- SHA512
  
  7c41c74f7220270da242562b93db8db053c0a7b08fdc1864d063706caccbc6926f288ae6bff1de43af656af67fcf2d8ad57f53d791bbc47a3b29a6a0856a68e5
- SSDEEP
  
  12288:SP4t+cmwJlroEKaaFoGnXy0+xcPdH9+vUx5a8hZq94KiXJziMHo6wtuN:Sg+cmwJl7a3ni0+e35a8vq1iXliMI6wo
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  locales/zh-CN.pak
- Size
  
  447KB
- MD5
  
  156894db535f0fbe193d66c0afb4b112
- SHA1
  
  e347caa3c41ea7461c217c029dbca54567fbe27c
- SHA256
  
  cc5a411d3bf0ddfba9e5041dfeeaed70265ba949f7b7ccba0170b88e3e14ceb0
- SHA512
  
  e81a0968598536e91c17a1998682cb5fff42bd3199c41b64e2d76827c96b187e8f86182843c061735dad2b7cd5e32750e473c1a5f9c82bcc0dcc30f1bdb8b806
- SSDEEP
  
  6144:toQrG8fptN1zkK7/56aO4ydpD659mqjNFEwYHB07ulz:jrptjzX56aO4yz65YcNFEwmB/
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  locales/zh-TW.pak
- Size
  
  442KB
- MD5
  
  337bba163068f2dd7ff107ea929c8473
- SHA1
  
  536ec5756f229696dd6f875180778afcee1966fb
- SHA256
  
  58753d4313ed7f548df16a9cd9aa1f0e30cebee675a76b8359ed23fc95825574
- SHA512
  
  000b98249d7b0e4c7e463bafdf827e3dc5afac447750320d6344c984f4ad41cab5795861920525f03dcaeea5aa3615684101b08bbc103d3ba01065676c8bd64f
- SSDEEP
  
  6144:1nqUsbcI8cPArmJflGs2/uUasg5b5SjkzBMOZQyZV7zeyTA:JqBb/LPA0Sasg5b5Sjkzpr/7+
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  resources.pak
- Size
  
  5.0MB
- MD5
  
  67bb5e75ceb8ced4c98cf0454933cb45
- SHA1
  
  c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd
- SHA256
  
  5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff
- SHA512
  
  fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38
- SSDEEP
  
  98304:cC+ks/PeeUfLix3zJ/3JKKSa+cgHprwrNl8dtSip6QaVaK2nguoM10mpmjy+0VxW:c1k035B5K3cQpkrNi/SQaVN2guJ10Le4
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  resources/app.asar
- Size
  
  22.0MB
- MD5
  
  61c18ec20dd5ea06f46ed1189df493ec
- SHA1
  
  bb66cd88738f51e05650d11129f2b3dc43dfa439
- SHA256
  
  d3a297f0cbdcecf78fa46ef5a4d6c594d454d31a7c05c7f3d905ca16aa065d39
- SHA512
  
  0ec8955adf9adb71f2a5d4ba47f23d9b5d49d0bca6d2f0d7806a0baf3674b2fa65ad2b4d37f2b44bbee738cda37c01f1e5c5c311e32efcca3f5d5138deaaf7d3
- SSDEEP
  
  393216:M1qKprJaBBGUEq0/Y9+pL0U7l4hWa226MAEqyX:MRpVWdEn/uyL0U7l4hWa226MAEqyX
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  resources/libraries/Desktop.ini
- Size
  
  94B
- MD5
  
  ea14011259ecd3f1446c65cc7dbd4efa
- SHA1
  
  378af36d2bc7f530eebe5937772e9c7e9ceb5391
- SHA256
  
  db20ccfc021dc485ee0537e4789c323b2d962d0047100a68fcc5484d971282e0
- SHA512
  
  f976de65fe53ba4f64011736580d04a11ecb7940c9b3c40d4b16ccd68bc35ed14da72939ab0b60590378a391b301519bdb3e4c4605f8290b8c25c2b57a1ccb1d
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/libraries/java/PackXZExtract.jar
- Size
  
  120KB
- MD5
  
  cf8aa6c50804b3d2448b316b1cd24b17
- SHA1
  
  a69190724b20156dd17504162fbe771309415b73
- SHA256
  
  a847432bdf7da12571bbd5bda3b11ca3664675d1ff9baad5abd59b2d0689fa93
- SHA512
  
  d897b843cf6d138885ffbcddcd53c84819bca0a1ac9de46334601d67fa9ba05d6b857b396a67b6f92e9f7745fce3f1a0402b76e4b31bd56d3cd36c339ac1e07c
- SSDEEP
  
  3072:4KKXNfoEU3hN7cOGhjVjRGreZHupS4uHAtS8X:bKip377EXGHqHAwG
Score

1^/10
behavioral29 behavioral30
- Target
  
  snapshot_blob.bin
- Size
  
  298KB
- MD5
  
  cadef56f5fb216b1fbf7ada1f894ea6d
- SHA1
  
  373d2a4266be5c8fbf61d4363ec47ddeb2d79253
- SHA256
  
  0976145cc8c02f3e64ddbf51dc983bdbb456be7fcf3ce54608e218981671ac12
- SHA512
  
  9c90e8943f9ef6d644fe0fbe55ab25ed371739d17da8cf973893a2e41ebfa0a92bcf1761e72da032f9f3d1c6f1080c62f856aa07a3cbb609c9e8c186f92216b6
- SSDEEP
  
  6144:vgds9oCMz0nMGo/sPT5UcQD6QynHQx9x+zi8W8icW0K8w+E2XxkBOoT8MfFNdpO1:vgF+LUYTWf8
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32