Overview

overview

8

Static

static

3

Badlion Cl....1.exe

windows7-x64

4

Badlion Cl....1.exe

windows10-2004-x64

4

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Badlion Client.exe

windows7-x64

8

Badlion Client.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

VMProtectSDK32.dll

windows7-x64

1

VMProtectSDK32.dll

windows10-2004-x64

3

VMProtectSDK64.dll

windows7-x64

1

VMProtectSDK64.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    245s
  • max time network
    267s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-03-2024 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    5.2MB

  • MD5

    27206d29e7a2d80ee16f7f02ee89fb0f

  • SHA1

    3cf857751158907166f87ed03f74b40621e883ef

  • SHA256

    2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

  • SHA512

    390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

  • SSDEEP

    12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2b9257cc5318a63ee641fcefd52f6b6

    SHA1

    a22923f073ff9c81a1189c0ea931285aa6a7298c

    SHA256

    c5a8bfe735fee280b04115b146102e969c4e3c1afbdb0b777897df263070909a

    SHA512

    029afcdb5def15fd010683d2e11e0cd19db9fee07a9d91ee4095828d16b7f7a96e37f5fd87627ef4220fd4be8e9af1a8f48e6e7a3edd54d065432eb049553856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8f49cee2d41b672e23a7020f29f026f

    SHA1

    a52829eb7a474e5aaa063087a4cf11f9206b8c15

    SHA256

    d592c23ff2df05f1d0b86da4b84d1a1d42aceadfae249d537058793d5bf901f4

    SHA512

    8185d9f2e77629a10b1baa703332fb5abbdc8a0b55ad708d9212c7b2a6b855a1ab09ed44dddca0a0e819dc50c1d8359ae74cfc7293b5f3c2589eb9c2f9a0c064

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    646bef29c7ffc49614364fbe12933fed

    SHA1

    cddcc7bc2a76a3561403fa70caf3b362c1275616

    SHA256

    042ab3cccebf82f7efc6a9df34498aace599688a323726170b9c7cd261776c66

    SHA512

    900970cf2ee2d3590567b97fb4750659d2180521dbee23f51b77a919c9ebdc573f48fe617b460b628fcd62946130847eba4e17afc20396b89c3e1cab789510ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d02a305838f3f9aaf4023c8875def364

    SHA1

    2fe93a5726d753a1ea6970b3194780b8acdf057c

    SHA256

    e44465cea76feae9beaacbc75d219a5e4a0fe4c5ae5559f498605a7369d9aa47

    SHA512

    df8f85ec7f21c3235d4a9b8755b7dc4871cbcba0de49bac7a62acc1eaea530efde7058ba5514e20c16056ca7bdc90a60acb779bc05349b0aae8784d4b49103a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be570af2a6d9615588a37727201854a3

    SHA1

    6f2e6995366687ee392ddf867d0d4e9d9f2a536b

    SHA256

    06d2c7c0cb53c1c43c15d31021044ebf6e22bf4187277ed5f27e01574782ad8e

    SHA512

    9498f38ddda7e0d893d8065794021a0510d280cc06c87a031cb176aa2f417f93a4a0f44fcd31b843381872dc9f7dd3126e1e979cad873b52230d052c0641bd2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    002d27d3ac305d6559c70be477ca00f2

    SHA1

    be0af73c97ea5b2b28a242bdb99bc897f4ede8f1

    SHA256

    df474cf1f5579fecbdd7c969825875afd536933ddec7c1198aeb6c925b12d869

    SHA512

    295bac69618d1f34953b957639148aef193157505e02f45148033628ab6c660ff083f471ee865b597e19c3bb3717c731ddcbb5e706cca95aa549381db97f92e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4993d16ee7f4088dd13c1afa4f4ab03

    SHA1

    914655b58060fb732de34e4af04a49974e5d93b7

    SHA256

    5964cb74f34d2daa2f611ca31be92a9e39854a7d58f763d3bfc274185eaaf9c2

    SHA512

    2f0c1f037e2c62fc541c57a4c5a9618eba04543b1af209a23c5e13f7a402d6892cd6992c586ee997eeb49f5356a38fe189cf554b01dceb7a10b886076b716fb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6578fa481c3ff2cbee3515d6b05afb34

    SHA1

    af2b32e5bd8bcd0191258c48471a635380c388f0

    SHA256

    633890748ff6417a64ee6e958868393f04ee0b0f301b161b7b678ea84065989f

    SHA512

    78b2e42eb3eaa5315b208f668690a8ecce69643f8256209fc4b3603d7cb3651a6078d2ff57e76fc7befe03b6ba5a5aa9983c61b9c74a8616f8671bb6dd397ccb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7de332e2d56e923f79afe19c19901987

    SHA1

    ab1ab918ae40e201852a850ffc49fd2487cb1613

    SHA256

    a21886d6fb5e44ef0ab2f597122e7481f3f16a874aa9c16f1b93a0fc9b420fe3

    SHA512

    65d71c8031b603c68afe68e8ad41b5a07d1694fa98a07179532ce203449b9b7497f5446ac544e035d68f4deb9c251e1d0ab719f0cb28680fbac4d043216974bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71bcfe4c28e936787be6d06fc7bdb6c8

    SHA1

    292b372f10c1a57363aae399740f48c36934dc08

    SHA256

    dd53dcc5f094928aef882e5edf9f1562675b7636f2300fd78c879dcf555881e7

    SHA512

    1319bb088f1de18427e10bbef7cd7e734f39949e0dbd661b5baa29ac015adfa2997fb07830084f48621fe583230b67267b60a2b77ac51a46c083b2b014d02e9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c56fea6975a1280b68bdb1603b7e239

    SHA1

    f8094b8351ccf2da71668d774cb171c9ec3659cf

    SHA256

    24fdf03190ccbb3d045ac55d5bba3aa580178683cdf66908dbf4aa6ddb160e50

    SHA512

    df8350948b72f9b898f56d2b1a4534c084ab9d34ce69b9da22238ae8ecc8262442c7b586cd627a070243baa42b92e22a933639a5b4a35aaa8ab9f40140d04887

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA40D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB7C0.tmp
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB7E4.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit