General
Target: Badlion Client Web Setup 2.17.0.exe
Size: 1.0MB
Sample: 201031-as8zrbb4qj
MD5: edf47633312f964b28dfc3ed91f320c7
SHA1: c9df701aae470466e5b8639328aa0a95c148f2f8
SHA256: 10a6d1044186ddaf801d57ab4fdd6991a44b859332fd8e2ae8990f7edd4b3206
SHA512: 98e1f0c70fbea5bf684136a976e9e8a8bb9f83c6c9f9625248485772f59f0ef529e5191434ce02fd7448e8c3810dd9450360422b3b1257036da4dc8f05547493
Static task: static1
Behavioral task: behavioral1
Sample: Badlion Client Web Setup 2.17.0.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Badlion Client Web Setup 2.17.0.exe
Resource: win10v20201028
Malware Config
Targets
Target: Badlion Client Web Setup 2.17.0.exe
Score: 8/10
Executes dropped EXE
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
JavaScript code in executable
Suspicious use of NtSetInformationThreadHideFromDebugger