General

  • Target

    Battly-Launcher-win.exe

  • Size

    188.1MB

  • Sample

    240901-nh42hszckg

  • MD5

    3b6b92297beb78efb283e0d2fa32fc19

  • SHA1

    b056d281a74d9e0fd7546bbed068a915608336e0

  • SHA256

    9cd7f45620bda9811e200380d3e43a3ea768c48d1240448c279b3321d3ae59b6

  • SHA512

    bb32b9529abe3fef0025cd8f81a4bcea6cffaa4b20112e9fbd57482b0f4ee092740afbcd788684fdae676bc7cebc17af491c9dae73b082cca31b9aabc3111463

  • SSDEEP

    3145728:IJcuNt6i+X0MdTUPo+YFawtU4odzw7Lm3436E7IkGl0BkChNw5+VTmms+B6Q87:UcuN7+QYFjmPz0Lm3J0wahNw5+VTTs+y

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://www.battlylauncher.com

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks