General

  • Target

    Battly-Launcher-win-x64-win7.exe

  • Size

    177.9MB

  • Sample

    240222-zryrmsfa9x

  • MD5

    cf854b824d73f0ad3a389c093b550bf9

  • SHA1

    bd82c41712fd24eda003ec177355d2bb897e1d35

  • SHA256

    39655b2746902e30cddaf0b0af0ab161c5cd4694723c53a6117321f440b39abd

  • SHA512

    cb39b767330a94e8548f01e9081fef9af9f5bb211056a8207c01b77284d9ae74136c398c3a031fcfca139d5f6ba2d1ddb58adfe279bb66e630f0e4a68f65cdc1

  • SSDEEP

    3145728:YfSgObnOQcTeOd60sh89QNFGQYHeJ8O1mI6tAdNvePARmnKbbj7PmM3iOOxuLjSl:jmjd6nlFM+mOb6tAWrnKL7ziORy2crH5

Score
9/10

Malware Config

Targets

    • Target

      Battly-Launcher-win-x64-win7.exe

    • Size

      177.9MB

    • MD5

      cf854b824d73f0ad3a389c093b550bf9

    • SHA1

      bd82c41712fd24eda003ec177355d2bb897e1d35

    • SHA256

      39655b2746902e30cddaf0b0af0ab161c5cd4694723c53a6117321f440b39abd

    • SHA512

      cb39b767330a94e8548f01e9081fef9af9f5bb211056a8207c01b77284d9ae74136c398c3a031fcfca139d5f6ba2d1ddb58adfe279bb66e630f0e4a68f65cdc1

    • SSDEEP

      3145728:YfSgObnOQcTeOd60sh89QNFGQYHeJ8O1mI6tAdNvePARmnKbbj7PmM3iOOxuLjSl:jmjd6nlFM+mOb6tAWrnKL7ziORy2crH5

    Score
    9/10
    • Renames multiple (92) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      locales/hi.pak

    • Size

      821KB

    • MD5

      ede7fa471c5eebc1fa55b9b3b6f92d00

    • SHA1

      1d1f529c615799bb3a3319ddd1357cb5dc71464e

    • SHA256

      1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b

    • SHA512

      0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338

    • SSDEEP

      3072:qPgjbNHZaMPBeMApi4DqPdkhSvf4QAEm5dmGrsXt4GR3doE1NtdYbOqGPtv83Y8r:o67P7QRU5B5MQut

    Score
    1/10
    • Target

      locales/lv.pak

    • Size

      410KB

    • MD5

      e664eb35f1284e9fc615e1bb4fab892b

    • SHA1

      e777653abec377a394170b04f79e78acbe4b6a3b

    • SHA256

      b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8

    • SHA512

      c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f

    • SSDEEP

      6144:3zQa1Lm8NItVFq7mvly4Gh1VWtpaRd5tNm0YME19AWranpWBAFTDVs1C:DDRFog4GRWAd5PEJ18s1C

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/aspromise/index.js

    • Size

      1KB

    • MD5

      9c75f94593fa81cd281536634b8fd88c

    • SHA1

      20a209707db092898fd83b8c8ec4e70bc5eba822

    • SHA256

      fb1acf6664b54d5d6a0d110e213a1fac0ea8cc1fba3867b93bfe1bc31fdddc10

    • SHA512

      e9f9deb114c7a42fe83b96cb35554f751942bc60936942574d9b0c5260a4ea5bb31503a7fefb6f129ac29bc1f6442cbab2dbdb3c73a615e7e4b95e6b09f75274

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/base64/index.js

    • Size

      3KB

    • MD5

      d4d8e55ef566897e7d0b0822b29adbbc

    • SHA1

      d66bc24d213ed70406573b8143ee317f16b2b7b8

    • SHA256

      c49fe6e858675f444adc5f6f4790f202c9de96d9a573b88b4791db94e6b6aeb9

    • SHA512

      1d77d492495c0a01d7f1e23cf9fc3cf208538b594e40780f190b6cc922d5ad06eb69e5d1838b8db265dfa67960f9b9dea55b783208bc318fe34b1d788837772e

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/codegen/index.js

    • Size

      3KB

    • MD5

      eba046d9a03336df1604070492602a27

    • SHA1

      43e036e5be9fd6ec7311a72cfaf432c285c0d926

    • SHA256

      703af3a920ebcb183b1f70f764dc1528c01bd67c5d906ef69a70c9f014586175

    • SHA512

      eb903a252e7970a4c2b875ae05bc159c8d2dbdb2f04c1ebcc5a163d2074878bb2613b3890e7fd8674f72216180603f6388bc442fd4c7a032036f224fe54fb2e5

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/eventemitter/index.js

    • Size

      2KB

    • MD5

      df28fbb054f06dfcf693245ddf33a2e0

    • SHA1

      84e96420ef5f9687ec7f4e38fcd0e1e97cb9d124

    • SHA256

      fbc103a9742b766c8f714f58712a7a83b5eb55f48b6d5cf43aa9f044b56b85f0

    • SHA512

      b6787dd9fde6d8cec99d533528a4e6a5013fb83c2bc55ecfcffaba67d7bfd8d0d6b4885e4adc27cde5ebc42613b7474e53a0621d7dd73618d07973de40a34845

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/fetch/index.js

    • Size

      3KB

    • MD5

      44f0220465eb7c4ff00beb76ca172d97

    • SHA1

      c8eca76836841d4fbc5f5be2e6f173e6c379e90e

    • SHA256

      4215ca988a31f8f0ee5304c1fb4d395dd6f3e5c612564105596764f27cd948b8

    • SHA512

      b7bf2bccfcc9897fda89a61639888740b848c6bd9cda3d91b1c6e6bf5b47cc491bbeb9cc7d16dddda413dd7a48257a51ecce8e7ecea563f6cd2a27dbd97ddc72

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/float/bench/index.js

    • Size

      1KB

    • MD5

      8422eba0f1898b2de1fc3fd7856c2b13

    • SHA1

      4fe8d502c9234937fad609d2943739e319452556

    • SHA256

      80310d389bb9ec48eac72ef1f6807479bf319587f5eda0a5f9ff63f145f6ca33

    • SHA512

      aadfb11df7ba243f0dbd0c89362020631bcacdaa7756994c7acd5818c8085f8d3ca9e165769389617506e22f812c51ad8e24d2f624b463ff2b0d2962f0df9e08

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/float/bench/suite.js

    • Size

      1KB

    • MD5

      9b589b40b494a2cf5af32b7d247cd7d6

    • SHA1

      d763967aeae48dff3c1ee333d76c7254d3165bc6

    • SHA256

      3ea9f59d25254c88ba42c6fce0efad7934eb518eab22da41e9af427475d28ad9

    • SHA512

      664170adb319de4e7eb1ccf129d9761a9095f7a5e30f1c51f3ba7af1f4e6023672ba079c200bbcfbb4f5080bb74fbce101d804b7c1893e1dd33f0c26d94970a7

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/float/index.js

    • Size

      11KB

    • MD5

      efe38d79540ffb5d860886c9c098b57e

    • SHA1

      b527862d2b70d920b53f804e92b9516a1b48ac8f

    • SHA256

      bacb0a4b2b042bccb8b30186662a6e7fa0027f354be53175095daa40c56d98bb

    • SHA512

      a38d5f4c12648087914e868e1c8b0c5b64353c45c1fad86b6ee2d6dfd1c9bf303b6b4ab479c2e7df4999fb4d048f68934840ba79948540fa0541e3deefd0c6cf

    • SSDEEP

      192:4KmJS9683SIT2+BFpHTpVIh6+c+lUgUzUtO0vBTLOeT8HaGhtaflUeUNhdZs:4KwYmozzUTO1HRE

    Score
    1/10
    • Target

      resources/app/node_modules/@protobufjs/inquire/index.js

    • Size

      544B

    • MD5

      b8e6f7bd2e4de465240c65401682aefa

    • SHA1

      492f03cc9fc7eed204d1cb100441f3b9b1c3753b

    • SHA256

      78142008e45aec5090c61ac9ee12d6d8fd4698c72d5ff1eba508569910732b83

    • SHA512

      e4fa93acee2698cff5e312639a5fbe139d22f952f558683716d917282f0aeae5369e9993afbb800e4c561c795ce3f0ef3f202de01bcece8ae0756d61b7431e39

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks