Overview

overview

8

Static

static

3

Badlion Cl....0.exe

windows10-2004-x64

8

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

3

LICENSE.electron.txt

windows10-2004-x64

1

chrome_100...nt.pak

windows10-2004-x64

3

cursors/co...ze.cur

windows10-2004-x64

3

cursors/co...ze.png

windows10-2004-x64

3

cursors/copy_drop.cur

windows10-2004-x64

3

cursors/hand_grab.png

windows10-2004-x64

3

cursors/ha...ng.png

windows10-2004-x64

3

cursors/link_drop.cur

windows10-2004-x64

3

cursors/ro...ze.cur

windows10-2004-x64

3

cursors/zoom_in.cur

windows10-2004-x64

3

cursors/zoom_out.cur

windows10-2004-x64

3

icudtl.dat

windows10-2004-x64

3

licenses/a...se.txt

windows10-2004-x64

1

licenses/a...se.txt

windows10-2004-x64

1

licenses/a...se.txt

windows10-2004-x64

1

licenses/b...es.txt

windows10-2004-x64

1

licenses/c...se.txt

windows10-2004-x64

1

licenses/c...se.txt

windows10-2004-x64

1

licenses/c...se.txt

windows10-2004-x64

1

licenses/d...se.txt

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...nt.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    licenses/cairo.font.license.txt

  • Size

    4KB

  • MD5

    5a540f4d98fc81713b81aeadc530c6ed

  • SHA1

    273c8a98fc1b2709cfce81d7f6960b63326e5485

  • SHA256

    17b90cece30db64934b7299fd76b033a3774c8a990e78badc74c59a5be8e0727

  • SHA512

    12b5e3d50da4d0aef2badcf784554257e7c8dcd9f598acca500861c1f0bb4686fd238c6ad8c2259b5047140e10d731e928490fa474577b7d847d387c9c07d702

  • SSDEEP

    96:FW+bHiilxwnEOWOKajy4vyviXQaGYBC23zCdZuKy0iQHZoG:zzl7hqyvaQ1+3zCdyQHZV

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\licenses\cairo.font.license.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads