Overview
overview
Score 9/10
Static
static
Score 3/10
Battly-Lau...n7.exe
windows7-x64
Score 9/10
Battly-Lau...n7.exe
windows10-2004-x64
Score 7/10
$PLUGINSDI...ls.dll
windows7-x64
Score 3/10
$PLUGINSDI...ls.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...em.dll
windows7-x64
Score 3/10
$PLUGINSDI...em.dll
windows10-2004-x64
Score 3/10
$PLUGINSDIR/UAC.dll
windows7-x64
Score 3/10
$PLUGINSDIR/UAC.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ll.dll
windows7-x64
Score 3/10
$PLUGINSDI...ll.dll
windows10-2004-x64
Score 3/10
locales/hi.ps1
windows7-x64
Score 1/10
locales/hi.ps1
windows10-2004-x64
Score 1/10
locales/lv.ps1
windows7-x64
Score 1/10
locales/lv.ps1
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...ite.js
windows7-x64
Score 1/10
resources/...ite.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
resources/...dex.js
windows7-x64
Score 1/10
resources/...dex.js
windows10-2004-x64
Score 1/10
General
-
Target
Battly-Launcher-win-x64-win7.exe
-
Size
177.9MB
-
Sample
240222-zryrmsfa9x
-
MD5
cf854b824d73f0ad3a389c093b550bf9
-
SHA1
bd82c41712fd24eda003ec177355d2bb897e1d35
-
SHA256
39655b2746902e30cddaf0b0af0ab161c5cd4694723c53a6117321f440b39abd
-
SHA512
cb39b767330a94e8548f01e9081fef9af9f5bb211056a8207c01b77284d9ae74136c398c3a031fcfca139d5f6ba2d1ddb58adfe279bb66e630f0e4a68f65cdc1
-
SSDEEP
3145728:YfSgObnOQcTeOd60sh89QNFGQYHeJ8O1mI6tAdNvePARmnKbbj7PmM3iOOxuLjSl:jmjd6nlFM+mOb6tAWrnKL7ziORy2crH5
Static task
static1
Behavioral task
behavioral1
Sample
Battly-Launcher-win-x64-win7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Battly-Launcher-win-x64-win7.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
locales/hi.ps1
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
locales/hi.ps1
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
locales/lv.ps1
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
locales/lv.ps1
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
resources/app/node_modules/@protobufjs/aspromise/index.js
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
resources/app/node_modules/@protobufjs/aspromise/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
resources/app/node_modules/@protobufjs/base64/index.js
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
resources/app/node_modules/@protobufjs/base64/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
resources/app/node_modules/@protobufjs/codegen/index.js
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
resources/app/node_modules/@protobufjs/codegen/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral21
Sample
resources/app/node_modules/@protobufjs/eventemitter/index.js
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
resources/app/node_modules/@protobufjs/eventemitter/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral23
Sample
resources/app/node_modules/@protobufjs/fetch/index.js
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
resources/app/node_modules/@protobufjs/fetch/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral25
Sample
resources/app/node_modules/@protobufjs/float/bench/index.js
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
resources/app/node_modules/@protobufjs/float/bench/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral27
Sample
resources/app/node_modules/@protobufjs/float/bench/suite.js
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
resources/app/node_modules/@protobufjs/float/bench/suite.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral29
Sample
resources/app/node_modules/@protobufjs/float/index.js
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
resources/app/node_modules/@protobufjs/float/index.js
Resource
win10v2004-20240221-en
Behavioral task
behavioral31
Sample
resources/app/node_modules/@protobufjs/inquire/index.js
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
resources/app/node_modules/@protobufjs/inquire/index.js
Resource
win10v2004-20240221-en
Malware Config
Targets
-
-
Target
Battly-Launcher-win-x64-win7.exe
-
Size
177.9MB
-
MD5
cf854b824d73f0ad3a389c093b550bf9
-
SHA1
bd82c41712fd24eda003ec177355d2bb897e1d35
-
SHA256
39655b2746902e30cddaf0b0af0ab161c5cd4694723c53a6117321f440b39abd
-
SHA512
cb39b767330a94e8548f01e9081fef9af9f5bb211056a8207c01b77284d9ae74136c398c3a031fcfca139d5f6ba2d1ddb58adfe279bb66e630f0e4a68f65cdc1
-
SSDEEP
3145728:YfSgObnOQcTeOd60sh89QNFGQYHeJ8O1mI6tAdNvePARmnKbbj7PmM3iOOxuLjSl:jmjd6nlFM+mOb6tAWrnKL7ziORy2crH5
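Score 9/10
-
Renames multiple (92) files with added filename extension
This behaviour is consistent with ransomware encrypting files across the system. The signature is a heuristic indicator rather than proof: check in the behavioral tasks which files were renamed and whether their contents changed before concluding that the sample is ransomware.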
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score 3/10
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
14KB
-
MD5
adb29e6b186daa765dc750128649b63d
-
SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9
-
SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
-
SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
SSDEEP
192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score 3/10
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score 3/10
-
-
Target
locales/hi.pak
-
Size
821KB
-
MD5
ede7fa471c5eebc1fa55b9b3b6f92d00
-
SHA1
1d1f529c615799bb3a3319ddd1357cb5dc71464e
-
SHA256
1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b
-
SHA512
0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338
-
SSDEEP
3072:qPgjbNHZaMPBeMApi4DqPdkhSvf4QAEm5dmGrsXt4GR3doE1NtdYbOqGPtv83Y8r:o67P7QRU5B5MQut
Score 1/10
-
-
Target
locales/lv.pak
-
Size
410KB
-
MD5
e664eb35f1284e9fc615e1bb4fab892b
-
SHA1
e777653abec377a394170b04f79e78acbe4b6a3b
-
SHA256
b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8
-
SHA512
c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f
-
SSDEEP
6144:3zQa1Lm8NItVFq7mvly4Gh1VWtpaRd5tNm0YME19AWranpWBAFTDVs1C:DDRFog4GRWAd5PEJ18s1C
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/aspromise/index.js
-
Size
1KB
-
MD5
9c75f94593fa81cd281536634b8fd88c
-
SHA1
20a209707db092898fd83b8c8ec4e70bc5eba822
-
SHA256
fb1acf6664b54d5d6a0d110e213a1fac0ea8cc1fba3867b93bfe1bc31fdddc10
-
SHA512
e9f9deb114c7a42fe83b96cb35554f751942bc60936942574d9b0c5260a4ea5bb31503a7fefb6f129ac29bc1f6442cbab2dbdb3c73a615e7e4b95e6b09f75274
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/base64/index.js
-
Size
3KB
-
MD5
d4d8e55ef566897e7d0b0822b29adbbc
-
SHA1
d66bc24d213ed70406573b8143ee317f16b2b7b8
-
SHA256
c49fe6e858675f444adc5f6f4790f202c9de96d9a573b88b4791db94e6b6aeb9
-
SHA512
1d77d492495c0a01d7f1e23cf9fc3cf208538b594e40780f190b6cc922d5ad06eb69e5d1838b8db265dfa67960f9b9dea55b783208bc318fe34b1d788837772e
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/codegen/index.js
-
Size
3KB
-
MD5
eba046d9a03336df1604070492602a27
-
SHA1
43e036e5be9fd6ec7311a72cfaf432c285c0d926
-
SHA256
703af3a920ebcb183b1f70f764dc1528c01bd67c5d906ef69a70c9f014586175
-
SHA512
eb903a252e7970a4c2b875ae05bc159c8d2dbdb2f04c1ebcc5a163d2074878bb2613b3890e7fd8674f72216180603f6388bc442fd4c7a032036f224fe54fb2e5
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/eventemitter/index.js
-
Size
2KB
-
MD5
df28fbb054f06dfcf693245ddf33a2e0
-
SHA1
84e96420ef5f9687ec7f4e38fcd0e1e97cb9d124
-
SHA256
fbc103a9742b766c8f714f58712a7a83b5eb55f48b6d5cf43aa9f044b56b85f0
-
SHA512
b6787dd9fde6d8cec99d533528a4e6a5013fb83c2bc55ecfcffaba67d7bfd8d0d6b4885e4adc27cde5ebc42613b7474e53a0621d7dd73618d07973de40a34845
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/fetch/index.js
-
Size
3KB
-
MD5
44f0220465eb7c4ff00beb76ca172d97
-
SHA1
c8eca76836841d4fbc5f5be2e6f173e6c379e90e
-
SHA256
4215ca988a31f8f0ee5304c1fb4d395dd6f3e5c612564105596764f27cd948b8
-
SHA512
b7bf2bccfcc9897fda89a61639888740b848c6bd9cda3d91b1c6e6bf5b47cc491bbeb9cc7d16dddda413dd7a48257a51ecce8e7ecea563f6cd2a27dbd97ddc72
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/float/bench/index.js
-
Size
1KB
-
MD5
8422eba0f1898b2de1fc3fd7856c2b13
-
SHA1
4fe8d502c9234937fad609d2943739e319452556
-
SHA256
80310d389bb9ec48eac72ef1f6807479bf319587f5eda0a5f9ff63f145f6ca33
-
SHA512
aadfb11df7ba243f0dbd0c89362020631bcacdaa7756994c7acd5818c8085f8d3ca9e165769389617506e22f812c51ad8e24d2f624b463ff2b0d2962f0df9e08
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/float/bench/suite.js
-
Size
1KB
-
MD5
9b589b40b494a2cf5af32b7d247cd7d6
-
SHA1
d763967aeae48dff3c1ee333d76c7254d3165bc6
-
SHA256
3ea9f59d25254c88ba42c6fce0efad7934eb518eab22da41e9af427475d28ad9
-
SHA512
664170adb319de4e7eb1ccf129d9761a9095f7a5e30f1c51f3ba7af1f4e6023672ba079c200bbcfbb4f5080bb74fbce101d804b7c1893e1dd33f0c26d94970a7
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/float/index.js
-
Size
11KB
-
MD5
efe38d79540ffb5d860886c9c098b57e
-
SHA1
b527862d2b70d920b53f804e92b9516a1b48ac8f
-
SHA256
bacb0a4b2b042bccb8b30186662a6e7fa0027f354be53175095daa40c56d98bb
-
SHA512
a38d5f4c12648087914e868e1c8b0c5b64353c45c1fad86b6ee2d6dfd1c9bf303b6b4ab479c2e7df4999fb4d048f68934840ba79948540fa0541e3deefd0c6cf
-
SSDEEP
192:4KmJS9683SIT2+BFpHTpVIh6+c+lUgUzUtO0vBTLOeT8HaGhtaflUeUNhdZs:4KwYmozzUTO1HRE
Score 1/10
-
-
Target
resources/app/node_modules/@protobufjs/inquire/index.js
-
Size
544B
-
MD5
b8e6f7bd2e4de465240c65401682aefa
-
SHA1
492f03cc9fc7eed204d1cb100441f3b9b1c3753b
-
SHA256
78142008e45aec5090c61ac9ee12d6d8fd4698c72d5ff1eba508569910732b83
-
SHA512
e4fa93acee2698cff5e312639a5fbe139d22f952f558683716d917282f0aeae5369e9993afbb800e4c561c795ce3f0ef3f202de01bcece8ae0756d61b7431e39
Score 1/10