General

  • Target

    Badlion Client Setup 4.3.0.exe

  • Size

    105.9MB

  • Sample

    240803-adzdkszhqc

  • MD5

    0003bd6ddb5cb55b983f588b9870e82c

  • SHA1

    8a0e508002b3f328e737adb9bdad0b236ebb3504

  • SHA256

    e5fba4935007b0c55025b8fb2b70d325d69b52bad874081678d4b9e5ac3aa809

  • SHA512

    2f882938016c7ab2f22a1b21858354b8cc4633e61eed1871da4d77d8ff96e248476bb4d23a326a80d8406b720002d05d6dadba458b09a5452e1331239dc553fb

  • SSDEEP

    3145728:Ocj7rmYEBshGgT2roh0SgtY0cIWDZns6fRa/6:pj7rmUsgTwoWS1IWDZns/6
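
Before trusting any of the behaviour below, confirm you are looking at the same file the sandbox ran. The following is an added example, not part of the report or of the Badlion project: it streams a file through the four digest algorithms listed above and checks every one of them against the published values (a single disagreeing digest means it is a different build). The expected-digest table is copied from this page; the empty-input digests used for the self-check are well-known constants.

```python
import hashlib

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests published for "Badlion Client Setup 4.3.0.exe" on this page.
EXPECTED_SAMPLE_DIGESTS = {
    "md5": "0003bd6ddb5cb55b983f588b9870e82c",
    "sha1": "8a0e508002b3f328e737adb9bdad0b236ebb3504",
    "sha256": "e5fba4935007b0c55025b8fb2b70d325d69b52bad874081678d4b9e5ac3aa809",
    "sha512": (
        "2f882938016c7ab2f22a1b21858354b8cc4633e61eed1871da4d77d8ff96e248"
        "476bb4d23a326a80d8406b720002d05d6dadba458b09a5452e1331239dc553fb"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob, one entry per algorithm in DIGEST_ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_ALGOS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streams the file, so a 100 MB+ installer
    is hashed once without being read into memory as a whole."""
    hashers = {name: hashlib.new(name) for name in DIGEST_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm verdict. Hex is compared case-insensitively; an algorithm
    missing from `actual` counts as a mismatch rather than being skipped."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def matches_report(actual: dict, expected: dict) -> bool:
    """True only when every published digest agrees. Do not relax this to
    'any one matches': a collision on MD5 alone is not evidence of identity."""
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py "Badlion Client Setup 4.3.0.exe"
    result = digest_file(sys.argv[1])
    for algo, ok in compare_digests(result, EXPECTED_SAMPLE_DIGESTS).items():
        print(f"{algo:7} {'OK ' if ok else 'BAD'} {result[algo]}")
    sys.exit(0 if matches_report(result, EXPECTED_SAMPLE_DIGESTS) else 1)
```

The script exits non-zero on any mismatch so it can gate an automated pipeline; SSDEEP is deliberately left out because it is a similarity hash, not an identity check, and needs a third-party library.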

Malware Config

Targets

    • Target

      Badlion Client Setup 4.3.0.exe

    • Size

      105.9MB

    • MD5

      0003bd6ddb5cb55b983f588b9870e82c

    • SHA1

      8a0e508002b3f328e737adb9bdad0b236ebb3504

    • SHA256

      e5fba4935007b0c55025b8fb2b70d325d69b52bad874081678d4b9e5ac3aa809

    • SHA512

      2f882938016c7ab2f22a1b21858354b8cc4633e61eed1871da4d77d8ff96e248476bb4d23a326a80d8406b720002d05d6dadba458b09a5452e1331239dc553fb

    • SSDEEP

      3145728:Ocj7rmYEBshGgT2roh0SgtY0cIWDZns6fRa/6:pj7rmUsgTwoWS1IWDZns/6

    Score
    4/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      15KB

    • MD5

      ba2cc9634ebed71cea697a31144af802

    • SHA1

      8221c522b24f4808f66a476381db3e6455eab5c3

    • SHA256

      9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba

    • SHA512

      dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f

    • SSDEEP

      384:Zhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUVb:Zhyd8Y67WGg8B/EiF

    Score
    3/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      Badlion Client.exe

    • Size

      134.1MB

    • MD5

      d409118ee6393a7fb2837136d3a91452

    • SHA1

      97f9c3bb965696f282d391f72ac8f8d03d969f38

    • SHA256

      7e68928814344eb199b4d13f05d0ab244e22c2c066716cd12822c611f261c2e2

    • SHA512

      691f703f6936dc36cf3e8353bf0b1f7bbf92b94d6fa3838493fdc53e5441ce8a75d9d1ea6fc5d6a895961cb0da682a0471ef42cfe74d54dfa8b216fffd2e08b5

    • SSDEEP

      1572864:DyhU9i4Qmh8AxfjKhRh+10tb8lc6i/R60t:SEjV0D/w0t

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
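
The five signatures above are the only ones on this page with any behavioural weight, and each is a simple predicate over the sandbox's registry, file and process trace. As an added illustration (not code from the sandbox vendor or from the report), the block below encodes them as rules and runs them over a constructed event list. The events are invented for the example; the report does not publish the underlying API trace, the dropped driver name, or the PowerShell command line. The registry paths used for the location check (`Control Panel\International\Geo` and `Nls\Language`) are an assumption about what "country code configured in the registry" refers to.

```python
import re

# Constructed events in a simplified sandbox-trace shape. Paths, file names
# and the encoded PowerShell blob are illustrative, not taken from the report.
SAMPLE_EVENTS = [
    {"op": "RegSetValue",
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Badlion Client",
     "data": r"C:\Users\user\AppData\Local\Programs\Badlion Client\Badlion Client.exe"},
    {"op": "FileWrite", "path": r"C:\Windows\System32\drivers\example.sys"},
    {"op": "RegQueryValue", "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"op": "ProcessCreate",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    # Benign noise: an NSIS plugin unpacked to %TEMP% must NOT trip the driver rule.
    {"op": "FileWrite", "path": r"C:\Users\user\AppData\Local\Temp\nsw1234.tmp\System.dll"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.I)
# Assumed locations of the configured country/locale code.
LOCATION_KEYS = re.compile(r"\\Control Panel\\International\\Geo\\|\\Nls\\Language", re.I)
POWERSHELL = re.compile(r"(^|\\|\s)(powershell|pwsh)(\.exe)?(\s|$)", re.I)
# -e / -enc / -EncodedCommand followed by a base64-looking run of 16+ chars.
ENCODED_CMD = re.compile(r"-e(ncodedcommand|nc)?\s+[A-Za-z0-9+/=]{16,}", re.I)

RULES = [
    ("Adds Run key to start application",
     lambda e: e.get("op") == "RegSetValue" and bool(RUN_KEY.search(e.get("path", "")))),
    ("Drops file in Drivers directory",
     lambda e: e.get("op") == "FileWrite" and bool(DRIVERS_DIR.search(e.get("path", "")))),
    ("Checks computer location settings",
     lambda e: e.get("op") == "RegQueryValue" and bool(LOCATION_KEYS.search(e.get("path", "")))),
    ("Command and Scripting Interpreter: PowerShell",
     lambda e: e.get("op") == "ProcessCreate" and bool(POWERSHELL.search(e.get("cmdline", "")))),
    ("Obfuscated Files or Information: Command Obfuscation",
     lambda e: e.get("op") == "ProcessCreate"
     and bool(POWERSHELL.search(e.get("cmdline", "")))
     and bool(ENCODED_CMD.search(e.get("cmdline", "")))),
]


def match_signatures(events):
    """Map each signature name to the list of events that triggered it.
    Signatures with no hits are absent, so an empty dict means 'clean'."""
    hits = {}
    for name, predicate in RULES:
        for event in events:
            if predicate(event):
                hits.setdefault(name, []).append(event)
    return hits


def summarize(events):
    """Sorted signature names, the shape a report header would show."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{len(evs)}] {name}")
```

Note that these rules describe what the installer did, not whether it is malicious: a legitimate game client that ships an anti-cheat driver, registers itself to start at logon and checks the locale will trip all of them, which is why the report still scores most of its tasks low.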

    • Target

      LICENSES.chromium.html

    • Size

      5.2MB

    • MD5

      27206d29e7a2d80ee16f7f02ee89fb0f

    • SHA1

      3cf857751158907166f87ed03f74b40621e883ef

    • SHA256

      2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

    • SHA512

      390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

    • SSDEEP

      12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

    Score
    3/10
    • Target

      VMProtectSDK32.dll

    • Size

      98KB

    • MD5

      17011601817dd00866b681d4a0bd90f2

    • SHA1

      d6ad7087f54182b47a9a6776fab90cb03e95f80c

    • SHA256

      6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927

    • SHA512

      1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb

    • SSDEEP

      1536:OT33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdwv0YXowGF:mhQC2mCYK3RhrZ9dPk2Q9yMJwv0YRG

    Score
    3/10
    • Target

      VMProtectSDK64.dll

    • Size

      116KB

    • MD5

      6540242ff58d08c8849268cf305445b8

    • SHA1

      ba0d0c8875ed96f137dcb28aeff873373b994eee

    • SHA256

      889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2

    • SHA512

      073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515

    • SSDEEP

      3072:LmcqYHq7Aiytzg2ScpvgJcG5sqYX6U4HDlBS:q0Hq7AiyegZgJZSXwjH

    Score
    1/10
    • Target

      api-ms-win-core-console-l1-1-0.dll

    • Size

      18KB

    • MD5

      3463d82d90601b441cf024c92abe4acc

    • SHA1

      eac8fdafccbc1beb17386552922770bfe12ec1eb

    • SHA256

      49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e

    • SHA512

      ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977

    • SSDEEP

      192:5wkETRQWfhWpBxQmLuDBks/nGfe4pBjSHM4+O38WebtuVaVWQ4CWaeOBqnaj87XD:BWfhW1Q7q0GftpBjj4+1ZFtl9V+H

    Score
    1/10
    • Target

      api-ms-win-core-datetime-l1-1-0.dll

    • Size

      18KB

    • MD5

      ac3c4cafa028297da5037781f1156220

    • SHA1

      937c2b11c7fe4effc16e67af716563aee2419a0f

    • SHA256

      0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40

    • SHA512

      a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b

    • SSDEEP

      192:fWfhWphuivT16uDBks/nGfe4pBjSHcKaRrJL2TI8WebtuVaVWQ4CWiRqnajjpxfk:fWfhWDTvT1Nq0GftpBjpanZ/RlBPin

    Score
    1/10
    • Target

      api-ms-win-core-debug-l1-1-0.dll

    • Size

      18KB

    • MD5

      8c0531639f58f79b5b67b52edebb01bd

    • SHA1

      866f3ca8819440e0ba67eb935e688509f86ce1e3

    • SHA256

      a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956

    • SHA512

      d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a

    • SSDEEP

      192:1WfhWweivT16uDBks/nGfe4pBjS72Ek7KHwDoG8WebtuVaVWQ4+WoRmqnajiPNQJ:1WfhWqvT1Nq0GftpBjGmKQDcZZ8lgeL1

    Score
    1/10
    • Target

      api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      18KB

    • MD5

      2a3c5cbe313f4105dce8a79f533e5959

    • SHA1

      26e6768280c83217ccbe36f3a405381defec12b9

    • SHA256

      79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e

    • SHA512

      e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2

    • SSDEEP

      384:VvPWfhWBR4Zq0GftpBjITKpgZ3pWl3u7gFO:VvUG47iV2Bz

    Score
    1/10
    • Target

      api-ms-win-core-file-l1-1-0.dll

    • Size

      21KB

    • MD5

      4215700161720c767e725b1f7fc358ab

    • SHA1

      6e31fa39775c1c6c60fe8869761c31148b0a8019

    • SHA256

      38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a

    • SHA512

      8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6

    • SSDEEP

      384:HBPvVXWWfhWkQ7q0GftpBjNhZjl78oS/i:hPvVX3Oi9Laa

    Score
    1/10
    • Target

      concrt140.dll

    • Size

      325KB

    • MD5

      14b7a99127ca18df05dd1f5be3ac0245

    • SHA1

      991891bb1ea603a002941696697f48cfe52cf94b

    • SHA256

      511aba3d00b9925e7bc64e2132d77a76c1fd9e9d200ec0ef864b7a0f00c68995

    • SHA512

      80f1a6cd377e62c96979fb4cf50d70e3005623c8debdb3c55dd27e5bae9dd46328d18066e59501ecac13ee96533f3b5189fcc93b4aadaf376ef6a2455ea7eff5

    • SSDEEP

      6144:EMVzSHmHM61wfScgh70p2pKd/6D5St2O/TXgl+iAnWzgNTdRI+r5y:EYz49/p2ppMibzaW

    Score
    1/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      7641e39b7da4077084d2afe7c31032e0

    • SHA1

      2256644f69435ff2fee76deb04d918083960d1eb

    • SHA256

      44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

    • SHA512

      8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

    • SSDEEP

      49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt

    Score
    1/10
    • Target

      discord-rpc.dll

    • Size

      390KB

    • MD5

      5882c37b79bae47a0d090006564edb22

    • SHA1

      ac7bbbdb1d34eb763d8db4ef7875a50f700e9d48

    • SHA256

      5cc2e504800cf4ed2f4781364f661ea22349658ddc391b5d54195e573109d87b

    • SHA512

      d4a6a1a36842dd1c8b2162168807b990e0d491a908e11b52ebf11174a67f818b131607c2122dbb484f5d946418a05a1a84d42e1468bef5c98ec3fcff7d225ccd

    • SSDEEP

      6144:TnQCrLe2xJLChxTC+LxTYXrHJZ5upQtXsK+62C3wh+0U1c5xrunBLko:TnQCrLXxgvU7v8ph7+0kHB7

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      2fc7f6b0abd1af4988e30e58e8310291

    • SHA1

      9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

    • SHA256

      b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

    • SHA512

      cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

    • SSDEEP

      49152:A14LZeiXTFI6vTD9MxCAJ0qsOw0FZnHzKedVLes+/EnvIS:V7hMxjk0vB

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
4/10

behavioral2

discovery
Score
4/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

defense_evasion, discovery, execution
Score
8/10

behavioral14

defense_evasion, discovery, execution, persistence
Score
8/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10