zloader | 9cd7f45620bda9811e200380d3e43a3ea768c48d1240448c279b3321d3ae59b6

Sharing

Copy URL

Twitter E-mail

General

Target

Battly-Launcher-win Universal.exe
Size

188.1MB
Sample

240920-z6grnsycqf
MD5

3b6b92297beb78efb283e0d2fa32fc19
SHA1

b056d281a74d9e0fd7546bbed068a915608336e0
SHA256

9cd7f45620bda9811e200380d3e43a3ea768c48d1240448c279b3321d3ae59b6
SHA512

bb32b9529abe3fef0025cd8f81a4bcea6cffaa4b20112e9fbd57482b0f4ee092740afbcd788684fdae676bc7cebc17af491c9dae73b082cca31b9aabc3111463
SSDEEP

3145728:IJcuNt6i+X0MdTUPo+YFawtU4odzw7Lm3436E7IkGl0BkChNw5+VTmms+B6Q87:UcuN7+QYFjmPz0Lm3J0wahNw5+VTTs+y

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.battlylauncher.com

Targets

- Target
  
  Battly-Launcher-win Universal.exe
- Size
  
  188.1MB
- MD5
  
  3b6b92297beb78efb283e0d2fa32fc19
- SHA1
  
  b056d281a74d9e0fd7546bbed068a915608336e0
- SHA256
  
  9cd7f45620bda9811e200380d3e43a3ea768c48d1240448c279b3321d3ae59b6
- SHA512
  
  bb32b9529abe3fef0025cd8f81a4bcea6cffaa4b20112e9fbd57482b0f4ee092740afbcd788684fdae676bc7cebc17af491c9dae73b082cca31b9aabc3111463
- SSDEEP
  
  3145728:IJcuNt6i+X0MdTUPo+YFawtU4odzw7Lm3436E7IkGl0BkChNw5+VTmms+B6Q87:UcuN7+QYFjmPz0Lm3J0wahNw5+VTTs+y
Score

10^/10

discovery execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  487368e6fce9ab9c5ea053af0990c5ef
- SHA1
  
  b538e37c87d4b9a7645dcbbd9e93025a31849702
- SHA256
  
  e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04
- SHA512
  
  bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7
- SSDEEP
  
  96:8efk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uT24j7J3kWyy/:tcTJa2roqJyA2EN8diuTHje
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/splash.bmp
- Size
  
  411KB
- MD5
  
  53b029ccb83951c0f232fbcde874b403
- SHA1
  
  c6c57b8b7eac7c0f3b7ecff5d4b2a4c1de4d326f
- SHA256
  
  4a3a74bcc1da624c51860bf3dc2333230cad7c961414e015a987e204f6447461
- SHA512
  
  514d3e5e925ec16db2ab89d71b34c95ea76f5679dfc4fc2e759c0e982d08660b5ca9a76bbc814ed3335b461ac9e1bf82de2b88dc988f4378e3a974cd59485acb
- SSDEEP
  
  3072:Iy+VjIHJNBlLhK2mTBxTfFM+8GLa9V+16rGwQHS5LjgzlZkvZEFqKGO0jCC1jMrL:ejIHjnmVxTiheqksRQymRKvOwP9EL
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral10 behavioral9
- Target
  
  chrome_100_percent.pak
- Size
  
  150KB
- MD5
  
  b1bccf31fa5710207026d373edd96161
- SHA1
  
  ae7bb0c083aea838df1d78d61b54fb76c9a1182e
- SHA256
  
  49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3
- SHA512
  
  134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91
- SSDEEP
  
  3072:AzwJCGIekwENgMBsFAXg6VKdL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Azw1IekmMBdQXK18Gb0OV8ld0GecQ3Ey
Score

3^/10
behavioral11 behavioral12
- Target
  
  chrome_200_percent.pak
- Size
  
  229KB
- MD5
  
  e02160c24b8077b36ff06dc05a9df057
- SHA1
  
  fc722e071ce9caf52ad9a463c90fc2319aa6c790
- SHA256
  
  4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106
- SHA512
  
  1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e
- SSDEEP
  
  6144:gDQYaSN6svydrI8jDQUgx5GMRejnbdZnVE6YoppO4:NfSN6svydZ6edhVELoXO4
Score

3^/10
behavioral13 behavioral14
- Target
  
  resources/app/node_modules/color-convert/route.js
- Size
  
  2KB
- MD5
  
  ff30f2b9f4a3761be9d12787f059f625
- SHA1
  
  01005d1f2b540c4df7e02fb7ac06c60ba3bae371
- SHA256
  
  5f1420af4a106eaa68ed7b4bb5e46f47e0f251169e38841ec8262447e4691b5d
- SHA512
  
  141f74f51ee662fc5a263e0cb193c47c8eb66201a27dd1a146d253efb413684c7107e3910a02167de8c649693929fe1781f79a6783d6115e2ca17b7adef9c594
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/node_modules/color-name/LICENSE
- Size
  
  1KB
- MD5
  
  d301869b39e08b33665b7c4f16b8e41d
- SHA1
  
  e8bc789b6dc24e4c3fc4d208364dd6b029a81eb1
- SHA256
  
  c064f7a3e353bc1bc977f3c897941c75ef763f44f41677e0a15370ca0853d6e2
- SHA512
  
  fc1d65352c114c7594c9bedf5be432ba39d426feaf50bf8f7c52d32781323c84bfc9a68531aefb558c97ebe46e712e1d35d860ba1e1a6ab48b4a79b894092540
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources/app/node_modules/concat-map/README.markdown
- Size
  
  1KB
- MD5
  
  3de808d1c878e1d12f12c8d849710db2
- SHA1
  
  132e6e8fd1d19ec2422fdcde00840d8237e44094
- SHA256
  
  2bc76dd6de6869fb5335e04c066edd5ab9d99a2cf7958a25e3c7c8c48768b5b4
- SHA512
  
  c707b42c02d0fa2aab9a32835095fc15a2561c2d2fce85a11620b9977971cd045bfb47c222f62d21b0d20676ffee69c380f007a484b52d3de1b9c1b22f73c167
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/node_modules/concat-map/index.js
- Size
  
  345B
- MD5
  
  8ef754ba23fdd37b3e8a1c52739ace80
- SHA1
  
  a3063f014cc693b320dbd64de3243a79247c1e05
- SHA256
  
  091b65d778337599d0140b35d53c038603d1732d27c33bfe39e03871a96926b2
- SHA512
  
  cec77060f95cd26aa28951db84745d405ce8a8f45761d2af11dc602eb75578fddb3e0d7f45e12d1750a45adaec8452b648021773488dc8f49235fc75b819a5b2
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/node_modules/ejs-electron/index.js
- Size
  
  4KB
- MD5
  
  d441fba9399d196f943308f66d215d95
- SHA1
  
  76557f8a00782c3503b62784098b7832256c136b
- SHA256
  
  4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b
- SHA512
  
  7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f
- SSDEEP
  
  96:Px5TgcV51Bi0BT/ddv6KEAHTD9MJ4ZVM2:PjrVfjPdPpk4Z1
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/node_modules/ejs-electron/node_modules/mime/LICENSE
- Size
  
  1KB
- MD5
  
  8e8ea2ad138ce468f8570a0edbadea65
- SHA1
  
  2e84853fb5f2711901b6ecb4a0b8fe4d419348fd
- SHA256
  
  8f2658c03422c408b2b2ce4d151decc3b1a6fd3d86e5ca9433777bccdcdf75a2
- SHA512
  
  d1106f3bc64efadddd19b11d495f8755261097fed95ac046ed5721f14b453b92e6a191cc13aa10232e7a59df6cfb744dbe9b854d8f0d25c49b50337f62b21985
Score

1^/10
behavioral25 behavioral26
- Target
  
  resources/app/node_modules/ejs-electron/node_modules/mime/Mime.js
- Size
  
  2KB
- MD5
  
  5a77829e31fd521878c9484a90ff107a
- SHA1
  
  73efaff8e2e9adb871396c15c076dbf28757949a
- SHA256
  
  9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9
- SHA512
  
  dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app/node_modules/ejs-electron/node_modules/mime/index.js
- Size
  
  127B
- MD5
  
  f18d3eb05bbc4d65415ee72c4b5d4dff
- SHA1
  
  e2d3efd8917c4ff9cbe668474891269d3fedcb37
- SHA256
  
  7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9
- SHA512
  
  65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app/node_modules/ejs/LICENSE
- Size
  
  11KB
- MD5
  
  3b83ef96387f14655fc854ddc3c6bd57
- SHA1
  
  2b8b815229aa8a61e483fb4ba0588b8b6c491890
- SHA256
  
  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30
- SHA512
  
  98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8
- SSDEEP
  
  192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Command and Scripting Interpreter: PowerShell

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32