zloader | 0049ff8214d96fe8a7f5dd40934dad318226ef6b7222aea2a730b7983734816a | Triage

Sharing

General

Target

BBA Launcher.exe
Size

82.4MB
Sample

240905-dvnj7atare
MD5

66f2815e2431a06df98a10cc0e959aeb
SHA1

ea1fdc54179389415574ab646fd1274d3fb069b7
SHA256

0049ff8214d96fe8a7f5dd40934dad318226ef6b7222aea2a730b7983734816a
SHA512

fc282ae7a98e87904ca71110f6f77711ec30e57e01a533654fe88055f8a90fa8d5c32d98082be8ffa793c11a81fcca5ac5d6a422b23f3d7aeb484487c62b3849
SSDEEP

1572864:fye4hJceZDtbX2LKRymNEkfWx0/sX2ZNt/dZUrNVF6EG2U/o/wU:fye4BtbGGoe9+xy82LtnGzFpn/P

Score

10^/10

zloader discovery

Malware Config

Targets

- Target
  
  BBA Launcher.exe
- Size
  
  82.4MB
- MD5
  
  66f2815e2431a06df98a10cc0e959aeb
- SHA1
  
  ea1fdc54179389415574ab646fd1274d3fb069b7
- SHA256
  
  0049ff8214d96fe8a7f5dd40934dad318226ef6b7222aea2a730b7983734816a
- SHA512
  
  fc282ae7a98e87904ca71110f6f77711ec30e57e01a533654fe88055f8a90fa8d5c32d98082be8ffa793c11a81fcca5ac5d6a422b23f3d7aeb484487c62b3849
- SSDEEP
  
  1572864:fye4hJceZDtbX2LKRymNEkfWx0/sX2ZNt/dZUrNVF6EG2U/o/wU:fye4BtbGGoe9+xy82LtnGzFpn/P
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  81.9MB
- MD5
  
  f5f87e478a6f0cbf226a178a9f17efee
- SHA1
  
  e5cd8dfafa23bef04b42c803873e048bc76405cc
- SHA256
  
  b95bc9240d6e34d4421f68b0932d92b5f5186326d0a194a16b9d4d1b3acfce8f
- SHA512
  
  a4ae40162aa080b704f86b91f8c7b91eef46e66edad1302c9e75388a9e89a64983de980417f48be45ccbe00a35df3d05cd5b936cd75d5688b6e6f2b9067e0a58
- SSDEEP
  
  1572864:ye4hJceZDtbX2LKRymNEkfWx0/sX2ZNt/dZUrNVF6EG2U/o/wm:ye4BtbGGoe9+xy82LtnGzFpn/n
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4