20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67

Sharing

Copy URL

Twitter E-mail

General

Target

Badlion Client Setup 4.0.1.exe
Size

106.0MB
Sample

240118-eep9hscbhq
MD5

903bd9351b62bc7cbe2557da4688f792
SHA1

470ec74c6bd8821a418a50a8c48398f3715efe28
SHA256

20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
SHA512

27eacaa2d7d021c45eb5dc52b41b828447bca15761834b33997eac9bba79034670da3b429d2b903712f1e9ec9132c3e41f3214ea1463d0f3ac35e630a9b5933f
SSDEEP

3145728:9aj7JEyFUT2roh0SgtY0aToZns6IWkp/:oj7jOTwoWSdToZns5z

Score

8^/10

Malware Config

Targets

- Target
  
  Badlion Client Setup 4.0.1.exe
- Size
  
  106.0MB
- MD5
  
  903bd9351b62bc7cbe2557da4688f792
- SHA1
  
  470ec74c6bd8821a418a50a8c48398f3715efe28
- SHA256
  
  20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67
- SHA512
  
  27eacaa2d7d021c45eb5dc52b41b828447bca15761834b33997eac9bba79034670da3b429d2b903712f1e9ec9132c3e41f3214ea1463d0f3ac35e630a9b5933f
- SSDEEP
  
  3145728:9aj7JEyFUT2roh0SgtY0aToZns6IWkp/:oj7jOTwoWSdToZns5z
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  15KB
- MD5
  
  ba2cc9634ebed71cea697a31144af802
- SHA1
  
  8221c522b24f4808f66a476381db3e6455eab5c3
- SHA256
  
  9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba
- SHA512
  
  dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f
- SSDEEP
  
  384:Zhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUVb:Zhyd8Y67WGg8B/EiF
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  105.3MB
- MD5
  
  5975bcc3c69cb05665e87538473541fa
- SHA1
  
  2ed07f2ae33193cab4918ed3a4821d2b54240703
- SHA256
  
  bbd21d220130d3f007bb3ea34119e0e945b07194329ad13c023cd429926b9e11
- SHA512
  
  0ed4b708e31772c0e4cb14938c27f6f731e5aec104526c149d417263717502ed9e637ff068008b456d774749963ac0d504de18818c5b04cf91d521e0a22e3578
- SSDEEP
  
  1572864:2tsHKcC27ECeSbE4dcWMpjyZTrbkRttvkroh0SgtIUy31BpJoRoTuZg3cngHCbIn:nj7JEyFUT2roh0SgtY0aToZns6IWkp/L
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  Badlion Client.exe
- Size
  
  134.1MB
- MD5
  
  bf90ab00ffa52c6e5a9acd7f38bd1313
- SHA1
  
  c073d0047b5bc37d16add60da739b28bdcffd7da
- SHA256
  
  de989473039d37c45d0fb39d3bfaf15a08833c91bc53918bafafc0b7aef459d6
- SHA512
  
  d42d1cd5618b9b06a96d127d48867a9056994cb571acd63f16f1e9904aa9bdabbd53e5c915351d4c65518491918e2b09f428280d796ab9aff850f31fd9bc429c
- SSDEEP
  
  1572864:myhU9i4Qmh8AxfjKhRh+10tb8lc6i/R60:xEjV0D/w0
Score

8^/10
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  LICENSES.chromium.html
- Size
  
  5.2MB
- MD5
  
  27206d29e7a2d80ee16f7f02ee89fb0f
- SHA1
  
  3cf857751158907166f87ed03f74b40621e883ef
- SHA256
  
  2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
- SHA512
  
  390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2
- SSDEEP
  
  12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps
Score

1^/10
behavioral17 behavioral18
- Target
  
  VMProtectSDK32.dll
- Size
  
  98KB
- MD5
  
  17011601817dd00866b681d4a0bd90f2
- SHA1
  
  d6ad7087f54182b47a9a6776fab90cb03e95f80c
- SHA256
  
  6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927
- SHA512
  
  1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb
- SSDEEP
  
  1536:OT33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdwv0YXowGF:mhQC2mCYK3RhrZ9dPk2Q9yMJwv0YRG
Score

3^/10
behavioral19 behavioral20
- Target
  
  VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  6540242ff58d08c8849268cf305445b8
- SHA1
  
  ba0d0c8875ed96f137dcb28aeff873373b994eee
- SHA256
  
  889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2
- SHA512
  
  073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515
- SSDEEP
  
  3072:LmcqYHq7Aiytzg2ScpvgJcG5sqYX6U4HDlBS:q0Hq7AiyegZgJZSXwjH
Score

1^/10
behavioral21 behavioral22
- Target
  
  api-ms-win-core-console-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  3463d82d90601b441cf024c92abe4acc
- SHA1
  
  eac8fdafccbc1beb17386552922770bfe12ec1eb
- SHA256
  
  49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e
- SHA512
  
  ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977
- SSDEEP
  
  192:5wkETRQWfhWpBxQmLuDBks/nGfe4pBjSHM4+O38WebtuVaVWQ4CWaeOBqnaj87XD:BWfhW1Q7q0GftpBjj4+1ZFtl9V+H
Score

1^/10
behavioral23 behavioral24
- Target
  
  api-ms-win-core-datetime-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  ac3c4cafa028297da5037781f1156220
- SHA1
  
  937c2b11c7fe4effc16e67af716563aee2419a0f
- SHA256
  
  0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40
- SHA512
  
  a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b
- SSDEEP
  
  192:fWfhWphuivT16uDBks/nGfe4pBjSHcKaRrJL2TI8WebtuVaVWQ4CWiRqnajjpxfk:fWfhWDTvT1Nq0GftpBjpanZ/RlBPin
Score

1^/10
behavioral25 behavioral26
- Target
  
  api-ms-win-core-debug-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  8c0531639f58f79b5b67b52edebb01bd
- SHA1
  
  866f3ca8819440e0ba67eb935e688509f86ce1e3
- SHA256
  
  a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956
- SHA512
  
  d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a
- SSDEEP
  
  192:1WfhWweivT16uDBks/nGfe4pBjS72Ek7KHwDoG8WebtuVaVWQ4+WoRmqnajiPNQJ:1WfhWqvT1Nq0GftpBjGmKQDcZZ8lgeL1
Score

1^/10
behavioral27 behavioral28
- Target
  
  api-ms-win-core-errorhandling-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  2a3c5cbe313f4105dce8a79f533e5959
- SHA1
  
  26e6768280c83217ccbe36f3a405381defec12b9
- SHA256
  
  79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e
- SHA512
  
  e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2
- SSDEEP
  
  384:VvPWfhWBR4Zq0GftpBjITKpgZ3pWl3u7gFO:VvUG47iV2Bz
Score

1^/10
behavioral29 behavioral30
- Target
  
  api-ms-win-core-file-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  4215700161720c767e725b1f7fc358ab
- SHA1
  
  6e31fa39775c1c6c60fe8869761c31148b0a8019
- SHA256
  
  38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a
- SHA512
  
  8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6
- SSDEEP
  
  384:HBPvVXWWfhWkQ7q0GftpBjNhZjl78oS/i:hPvVX3Oi9Laa
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in Drivers directory

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32