Overview

overview

8

Static

static

3

Badlion Cl....1.exe

windows7-x64

4

Badlion Cl....1.exe

windows10-2004-x64

4

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

7

Badlion Client.exe

windows7-x64

8

Badlion Client.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

VMProtectSDK32.dll

windows7-x64

1

VMProtectSDK32.dll

windows10-2004-x64

3

VMProtectSDK64.dll

windows7-x64

1

VMProtectSDK64.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 01:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    5.2MB

  • MD5

    27206d29e7a2d80ee16f7f02ee89fb0f

  • SHA1

    3cf857751158907166f87ed03f74b40621e883ef

  • SHA256

    2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

  • SHA512

    390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

  • SSDEEP

    12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2440

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          727e954de00459dc14d78fe8122d1ad4

          SHA1

          c53b36c7b61dc49da488ed162501d28eeab81951

          SHA256

          0d3fedc223ab0ce9e772debe2bb842ee930d715957eab47aa68c733b23e4c835

          SHA512

          43113bae622613ecfd117a4276a6a53360eecd89144d60cd7b536699d2c02010f7ece84d4d81debc5dbfaff305bf63be6a746a2715b3034cd6d6be531f44f366

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          64e69e1f98b797e0da03a5087b97d73b

          SHA1

          f55ced793a6e3a212b922b74968a35e2ed024f23

          SHA256

          3f04ffd56e32e4465ac27820fb6441f7ef90820cd240efba0ef411f140ecaef6

          SHA512

          0a6b4375fcdf1c1a6b0e06f0e7e8b0e3950cf241c96bcf882b53647f43b326b6800f742cfa4d925bcf27fc6069646048656a961c8382e4ab9dceb0f79a8cd1cf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6e7ee6f00f456986ad5c48774cc1d488

          SHA1

          0af95e423a12ef6c1165c7e7c8eeffb83a26ca5b

          SHA256

          1784ba80d6d1e25698609bf763d985062e0b4f50d7dfabbeb269e10f02a61b8d

          SHA512

          0fd2f859fe1922404177678c77fe9be15569bd05f36c1c5a797791843ba32361fb1161923ff9ad84c16a3254bb3d886f733bace401f21660f37b59c87969a279

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d2ce8e57b0a399851bc84ddbba967b4f

          SHA1

          b265558e4db72866943dda0c3a0a7689a977f814

          SHA256

          f8d902960c9e6e7290d857f950555c8c120f2d20b04f92540ee9fe23c91185e9

          SHA512

          742c7f42d8ace5bf97a5720c6230100404fc039e4e2802882af5d6198f5fb65ce5e79d1822c0a42570b1a6131c9b230b2dee057bae5e912c772bac2f98284708

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ec8861425294da3e8d44007d2a897515

          SHA1

          648180555205faaa24b4120ed400e9f8dbc58e3b

          SHA256

          f061cb400a0811eab73709655f3f6bf9fb58eaaa72aa87bb3dd72f827a622c9d

          SHA512

          730f44c0b28969e3700fd0d73f0bec50e7faaa442c58c319ff60bf6588a05932bec287146926439a022962fe9100dece118acbb6126d006030fadb70226ffc69

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          86de610620fabff6a1bf208e2cfa01df

          SHA1

          ace0b08d78cba16c30782ba028260e237e01e989

          SHA256

          d45017b0061d9a767c104ac4569c68b056ddd5645a6decaec663557176fee268

          SHA512

          f18fc0844470ec1c605b8c85dd4f1ac16bd401505923955849d65278d46bc21572d176c0fb3408143abb747728cfc8f4ce7f0d48bc95328c05973c44a8a49dc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e07ec85c38fc32d05d65c46dd3c006ed

          SHA1

          4de4d118d5d98dca14af2ce12605fa5b4442c099

          SHA256

          d58010ff75133b83be1f6ccd715500e3c260b159f5cfa58788b6769878264589

          SHA512

          d30336e4e0a19c30c02afb7178495d065a3a8b2e4ff05fbca0e331fb3b26365a7f673b5f6e89784c967a656bcd37eae3124df9226634d6e83ee3c41f27ba2178

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7b73baa89eedb371e0af6e350434b974

          SHA1

          095de9e1cde91fe81a81784b8d90b2e092d0b7a2

          SHA256

          ef78ddd54880584f4f989120e2e7573d0aaffd6dbacef51f80e5d65e6f26bc0d

          SHA512

          b1dde3a236de5d4d0617e9b7a289c673f29d6d8b89b3e76a5b184e9c4d99b9acafe72c3f95c0c60ba2470c73bad1e7f7c2d8554fb3641bd6c3e857c88840b1fa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          492753db20f87a888da9b51179be6764

          SHA1

          30877d12dfcc79d04a842506aec0deb2c9a273f8

          SHA256

          c321e99c759d716440f78fdcd08ceeecb0e212d229ac7bb58951ad97c8ec0a09

          SHA512

          326821d04d738afde64c34a9ab59290ad1a5df66fd1d1aad7b87591e1bbd4eaba6f248c1fff95ee943444ac6dc5a67b9eb4111bf3b87b3a04860aac667695e8c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dfbe98f0a5bbf7c950b651e1e0cdd8b8

          SHA1

          85765698fe01202964c989d6be9ea6aa32a41014

          SHA256

          c971b6aea5d7d2eb0b9a39904a66dc807a7e71876d5ce3ad3bea630f9f0a9365

          SHA512

          207930112eefdb6562fab075c1e4138d334258deffe15ed618e7e08173112992e9c8dc661f8137594c01f6cf831dcbc6911b21cd5fee3e0c9602bc42d65eaa7f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          587fc0da4a3d661ce7639e621f6dcbb5

          SHA1

          c54a2d217ffd4b1519058e5c4390f76ceb7dd371

          SHA256

          f050abd554538e69bdeae6a8d62496122ba522b05f63976ed7d600a1e7a0b5bf

          SHA512

          64b14472c296e0e012be367ed88ad1432b18aa51b824c9182a6a0172a247a55681fe22244ec5b3d0ed28e7f97ed16edfcbc9e70dc780fe6ec0493602e7063d02

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3b473820a8e2ccf198609ad6d3f1f8b8

          SHA1

          cb5a16ebefa92d29d237f179588fe59a470eca58

          SHA256

          dbb333ff51c64ffa29454a30da5dbf56a9b4af745aa1be766cd136f08324130c

          SHA512

          6b1be33cbafc7285520ba82d1bda0f48f98ab556c50400bf4eef6d8d22f9bbef5109117a6461f9c19acd880f4cc9960d0f8e58efb1b74bcd6fc2df3edb9fe92c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabFA57.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarFC4F.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit