Overview

overview

8

Static

static

3

Badlion Cl....0.exe

windows7-x64

4

Badlion Cl....0.exe

windows10-2004-x64

4

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Badlion Client.exe

windows7-x64

8

Badlion Client.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

VMProtectSDK32.dll

windows7-x64

3

VMProtectSDK32.dll

windows10-2004-x64

3

VMProtectSDK64.dll

windows7-x64

1

VMProtectSDK64.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

api-ms-win...-0.dll

windows10-2004-x64

1

concrt140.dll

windows7-x64

1

concrt140.dll

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

discord-rpc.dll

windows7-x64

1

discord-rpc.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    5.2MB

  • MD5

    27206d29e7a2d80ee16f7f02ee89fb0f

  • SHA1

    3cf857751158907166f87ed03f74b40621e883ef

  • SHA256

    2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

  • SHA512

    390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

  • SSDEEP

    12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8e9b85097922b86e9335f6ea9bd8ecce

    SHA1

    57997ed9576e02b331be3a53f1e4f142059a4ae4

    SHA256

    cfc66a0787227333d38ff1e54228f8e6469d1a68c8669c70634cf7a6691a1486

    SHA512

    bd3d429d4ef2495926b3e11cd434643b7fce99b68e3272a8bad48e6a9ffc5ad096af4419dccdc5adf6802ce283279d3a4c9f4abd0bd43683f982b9231267bfc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    04ff69cb7710e00b0160beb7b8ca0bd8

    SHA1

    ae02350847a6b41dad9c24f6a3f50eb601a1749e

    SHA256

    4d3fe94c695ca2d3df3044073b30bfd93c815aa08eceecc87a05d3466bfa0014

    SHA512

    f9367512b6603127a727874facdd0995f977312824dbc9c764f13b6704703d33943d47d62686d560fe11f65ffe03412fb4adf2557ffec8efe145f237d42808ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    364c6989ede9f28fd183945494059087

    SHA1

    fbf5a5604ca947d1905c8a9fded5018d5fce76dd

    SHA256

    2323cb715cebf44d3f3b02ad57cfd311fdd5c12b61624b7a08de17a046f17c3b

    SHA512

    de75ee5f7cc6111d9b5d3cad8ac32790becbbf91b02edda6da550e3f27ae1ca9cd3b39eef4c0b34fc7b490c3bfc3916a6eadbcc66d5af4d98bea2783bcc93887

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7cbfc2de76cf7cb3aaf366d2ff8598e1

    SHA1

    e222156d8c52249369c723a1ec5250633c73859d

    SHA256

    cb1c19db06133ab67a5929625de2ebb782f9064b85a67423069f8d6d4ed21c04

    SHA512

    d0a462817de137d16aa7bdd92946b2ef50eab3cf8bcf2e29d2bd62802a15a8f0f6a6b51f3ca6e112a531b87051d8818ba08cf81d2374d757f9e28c1cde8de1bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    367fdb7b93d525160ba6bb7addc61e7a

    SHA1

    5f56b177ce0257b550ec35bb09aaa119dc2800ed

    SHA256

    b002c1a8b9e4343f0ae65df9ad732cc73e038961b34ccf17af762ba86afdb8d8

    SHA512

    e7f0fda714f0d11874e4ba186b597600aa77bac2ba7e2f6060f20394f0e0612443c18af778a28b0c35d6dd6a9118fd449606f2d0677ae2665002fe45feabf2a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2488dd93e56deccaed6fcef9140ecab8

    SHA1

    7b4a922d936f48d5664cb11bb8d79870da37d198

    SHA256

    d3ca2f2fcf79f9f4dccabbee6ca00ea1c0e600786f49df38ebc6cf9a0bc59cf1

    SHA512

    30109da12e0aa3d68d2141529f2df43471851dc859378df08d02b153ab8ca0c280f35b0e959f2a1d75719279a56548934b029c23412f1cca3fabe2deb9e21ae0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    05ef27e959772eaa706a07d95370c3c7

    SHA1

    465d69f1177f8e7777be93dd4c5bb8d3b89632bd

    SHA256

    b2b188c970284445580b92a749e61842448207035b04176ddaf9ad7ae181c483

    SHA512

    3641b7eba014116d267efaba93a08c3a4461478dade052dda070bae69b3cdaafd8ded96af96a4e2e9be318f97670896e7d3dfdf38c104460c37f5ca957ed58b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4965fa227986dcc87fd4f9bbaf36a6e2

    SHA1

    eff39be614243c09e459e5a09ec083199b6e0d4c

    SHA256

    1c8c36648c46d2128283bcd2abfdc9cbc275f71f7fab1e4d57d5b295019ec40f

    SHA512

    d9b5bdd33e03d67adb692985d50326de2e4435b63c3a4e35ec18ba8002c3fd86e8d67481b63b85055b2bdfeaf003395eeaadcf639aa1232d4b4ffdf25e7be5aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    96a7e75f897a0ec2a8e1b8a73d273fc8

    SHA1

    6f6dc586858ea6b2ac984dcc3da1f4f2f691b3cd

    SHA256

    3268006cc87328003fe63499021156ffe344b757c8ac7d3da8acdb763e6714d2

    SHA512

    579da8c189a4a2dfec8768ffe917b8cd6b4106710c98b3decc6c56eecce454d7a910e955bbd27eb2b726d18f6fac8501caf044900af08317851fcaf437d21909

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cbeff038466ead27d33166caef9c9c80

    SHA1

    00c3665a3eb01ae4c6e31863bf5c0bf23ac6fe7f

    SHA256

    eb38cda0af2780d1af98cc58edce6c38e5a12a30aa0dc68662ac4716372e74ec

    SHA512

    0a074d610e4adb8e96facf391d7979624d2f906f0efa1dd365c344ba681f23c7b25fedd03f95495b65a58f676c2e3061a1e8507ddbed1c2345399e8c06cc9680

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7289b53ae1741fe5324ac74b46387b3a

    SHA1

    648facad3f67a2cbf6931ea30e2852506089731b

    SHA256

    1b153188d68cccaa376ebdc80cfa626b3ac539f0fef2e791b626fe96552af0e1

    SHA512

    2b3e29950246c0f60252ba41f59a9e74178c3ac769e1113c6286fd952a14fca07f8be722c5c3c7873a82ed7cb48de92a90905a33a963433df60311b458fb51b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFDA3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFF5B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit