Resubmissions

22-08-2024 06:55

240822-hpsdeaxcjm 10

22-08-2024 06:51

240822-hmkksaxbmj 10

22-08-2024 06:13

240822-gyy2wasdph 10

General

  • Target

    Battly-Launcher-Windows.exe

  • Size

    112.1MB

  • Sample

    240822-hpsdeaxcjm

  • MD5

    03696da629e834c395f699847326448a

  • SHA1

    3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6

  • SHA256

    9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d

  • SHA512

    fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b

  • SSDEEP

    3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://www.battlylauncher.com

Targets

    • Target

      Battly-Launcher-Windows.exe

    • Size

      112.1MB

    • MD5

      03696da629e834c395f699847326448a

    • SHA1

      3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6

    • SHA256

      9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d

    • SHA512

      fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b

    • SSDEEP

      3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

    • Detected google phishing page

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks