df1dc6af8819034c43c6e0b5131ef552e119b017ca3b7c0ef50d162a8a5afa51

Sharing

Copy URL

Twitter E-mail

General

Target

Badlion Client Setup 4.4.0.exe
Size

132.7MB
Sample

240919-dd7xhaxepn
MD5

788bd7a8dfabf1bf0335593b48ff0c01
SHA1

b95077e06713dad907fdd97e07759232b4b99f88
SHA256

df1dc6af8819034c43c6e0b5131ef552e119b017ca3b7c0ef50d162a8a5afa51
SHA512

74a521430c1b9fbd4e6c2b0977fb6b6e30737d1afda0c63cf17043575115fb50cb5cb70cef93970422ea8bad78c95e21c59d77124e5bc17af43185d5c4581b5e
SSDEEP

3145728:XATm4rQlvAmHqgVbdd0QP07bY+wMOM0RN/dkdqOsHsGZns6HJjBEiuL:QC4rQ5THdpd0Q6bTwa4N/+qOsMGZns8O

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Badlion Client Setup 4.4.0.exe
- Size
  
  132.7MB
- MD5
  
  788bd7a8dfabf1bf0335593b48ff0c01
- SHA1
  
  b95077e06713dad907fdd97e07759232b4b99f88
- SHA256
  
  df1dc6af8819034c43c6e0b5131ef552e119b017ca3b7c0ef50d162a8a5afa51
- SHA512
  
  74a521430c1b9fbd4e6c2b0977fb6b6e30737d1afda0c63cf17043575115fb50cb5cb70cef93970422ea8bad78c95e21c59d77124e5bc17af43185d5c4581b5e
- SSDEEP
  
  3145728:XATm4rQlvAmHqgVbdd0QP07bY+wMOM0RN/dkdqOsHsGZns6HJjBEiuL:QC4rQ5THdpd0Q6bTwa4N/+qOsMGZns8O
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  15KB
- MD5
  
  ba2cc9634ebed71cea697a31144af802
- SHA1
  
  8221c522b24f4808f66a476381db3e6455eab5c3
- SHA256
  
  9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba
- SHA512
  
  dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f
- SSDEEP
  
  384:Zhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUVb:Zhyd8Y67WGg8B/EiF
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Badlion Client.exe
- Size
  
  168.9MB
- MD5
  
  8ec84e9c59e29b954a4bc1eb559ff4db
- SHA1
  
  a8ac6061240aca6ed6625558e0abd7e61c98f7dc
- SHA256
  
  f6a14bc4f038640b5823b50515d933691cfe77a86bb78044f5e1a166507b49f4
- SHA512
  
  9ef1261f118e8afc39aa3fa3464e10a12649e21f05be00ca906b9382a33ec26866bbf7043f3663a0b686fc21dd41141ae2a7abae8d8ef8a97a15553b874404f9
- SSDEEP
  
  1572864:RHHt7MS+5eN4KyKpaRpOxS/krGAbJr3OIrMrpA98836lPCXg+ir70aDmyEgiAKLK:5ZMzBOBylar+
Score

8^/10

persistence
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13
- Target
  
  LICENSES.chromium.html
- Size
  
  9.8MB
- MD5
  
  b620990ddbd932d6475152e5a833860e
- SHA1
  
  70de0b3d7ffa77900f685c1788b32997a61ec386
- SHA256
  
  921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5
- SHA512
  
  ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7
- SSDEEP
  
  24576:K+QQM6Ms6x5d1n+wRhXe1BmfEl6k6T6W6b6f6V6GeGj/3BIpx:LUcBeGdY
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  VMProtectSDK32.dll
- Size
  
  98KB
- MD5
  
  17011601817dd00866b681d4a0bd90f2
- SHA1
  
  d6ad7087f54182b47a9a6776fab90cb03e95f80c
- SHA256
  
  6ff20283e407a0f2829e4fa6def121cd63d715dd6582847ae2d6fc379ac40927
- SHA512
  
  1e41669c920ac65fea5fd0e5704430dd371893155d5f33674ad6eec011ec16bf4969b01e2b9b28c561d131a032b599e0479931221819c677140d1b272d121abb
- SSDEEP
  
  1536:OT33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdwv0YXowGF:mhQC2mCYK3RhrZ9dPk2Q9yMJwv0YRG
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  6540242ff58d08c8849268cf305445b8
- SHA1
  
  ba0d0c8875ed96f137dcb28aeff873373b994eee
- SHA256
  
  889553cce491767b38df153b567b6da682709925dd7a1c23f12c6d53a9fb18c2
- SHA512
  
  073e44196cd0c4cdb1cb5004cca59da80e09b97c70b83f212344ec7b262f1a3a4ebdbdf059d9bdbc228545b49a269a8363b1db9180ff6565c94797b19cd3c515
- SSDEEP
  
  3072:LmcqYHq7Aiytzg2ScpvgJcG5sqYX6U4HDlBS:q0Hq7AiyegZgJZSXwjH
Score

1^/10
behavioral18 behavioral19
- Target
  
  api-ms-win-core-console-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  3463d82d90601b441cf024c92abe4acc
- SHA1
  
  eac8fdafccbc1beb17386552922770bfe12ec1eb
- SHA256
  
  49ac9f317d0adfc3761d6ff0d32844be70cc78e2af18319c9a2e2ec2a44d672e
- SHA512
  
  ff4fe61c7dc5f8eb7012cc4867d7212cbf965ec786dfdfa8c74ecad8c582c4ac1107aa2876e5f11066908fbd07c1b353dc67060c28199a7e21d57adbdddac977
- SSDEEP
  
  192:5wkETRQWfhWpBxQmLuDBks/nGfe4pBjSHM4+O38WebtuVaVWQ4CWaeOBqnaj87XD:BWfhW1Q7q0GftpBjj4+1ZFtl9V+H
Score

1^/10
behavioral20
- Target
  
  api-ms-win-core-datetime-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  ac3c4cafa028297da5037781f1156220
- SHA1
  
  937c2b11c7fe4effc16e67af716563aee2419a0f
- SHA256
  
  0f0cec83da06f06e9c42ffded72fa69c51efed881def2b4b7b88274bc1bf3d40
- SHA512
  
  a2d1135f497e3831f14369978ae6a5ff74106d9d4ea0407548b6c336a1082bddd196424b292c799ce60270182c13e148971039cf29241e76203b069ebf7bb72b
- SSDEEP
  
  192:fWfhWphuivT16uDBks/nGfe4pBjSHcKaRrJL2TI8WebtuVaVWQ4CWiRqnajjpxfk:fWfhWDTvT1Nq0GftpBjpanZ/RlBPin
Score

1^/10
behavioral21
- Target
  
  api-ms-win-core-debug-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  8c0531639f58f79b5b67b52edebb01bd
- SHA1
  
  866f3ca8819440e0ba67eb935e688509f86ce1e3
- SHA256
  
  a20dc11ab10769b38cafb701c2d08810c8aa61350f0b33ae7838ff5c26edf956
- SHA512
  
  d6ddcb814d7f507df03bd5fb378eae3bf30f31d0cbb41136382469297033965763dc20e68dc50108eeb5fb5996d167cf21b29dbdc0ea163521607e1cc75f7d9a
- SSDEEP
  
  192:1WfhWweivT16uDBks/nGfe4pBjS72Ek7KHwDoG8WebtuVaVWQ4+WoRmqnajiPNQJ:1WfhWqvT1Nq0GftpBjGmKQDcZZ8lgeL1
Score

1^/10
behavioral22
- Target
  
  api-ms-win-core-errorhandling-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  2a3c5cbe313f4105dce8a79f533e5959
- SHA1
  
  26e6768280c83217ccbe36f3a405381defec12b9
- SHA256
  
  79cb8a8781feb448fe051e90ccaf3d6ecdfac12c1ad4bba2730aa1f0a229c31e
- SHA512
  
  e24ba69254b445a62add1d58269ee99841c36049f639671a311bfc0f60d965e6a8d79a67375eb0d3ee3be8cf998f182ff03291f0709ae2155bbee924708dd8c2
- SSDEEP
  
  384:VvPWfhWBR4Zq0GftpBjITKpgZ3pWl3u7gFO:VvUG47iV2Bz
Score

1^/10
behavioral23
- Target
  
  api-ms-win-core-file-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  4215700161720c767e725b1f7fc358ab
- SHA1
  
  6e31fa39775c1c6c60fe8869761c31148b0a8019
- SHA256
  
  38e535e9a79cd72e3f5e3c0ec9c97a18e86d480a504ea6c85854a6f70b302c3a
- SHA512
  
  8c93f4021544ffafa37665efcbfa2c4d23742573e695766c637c9449a39af5ea0de114c821a5c50b886ed1ab0f0a2be0fdda164884d73f7488402cfa2137e5b6
- SSDEEP
  
  384:HBPvVXWWfhWkQ7q0GftpBjNhZjl78oS/i:hPvVX3Oi9Laa
Score

1^/10
behavioral24
- Target
  
  api-ms-win-core-file-l1-2-0.dll
- Size
  
  18KB
- MD5
  
  285e3257c5a12d3384cd3f5a3ae941b2
- SHA1
  
  c05f6a72b73bc7ec8409ed42ccd947f501da0166
- SHA256
  
  8355bf70788c00fb1a17bc4160bcdc6930fa219b85473e08138efc10136d90eb
- SHA512
  
  f1ee0689b02e6a6e95940c1b3c2cc6902f3e04db44f4d767a1e68a890b7b3733b28c1d86f1f361f0db8b1ee955f5f5bca86b758b8f2e93d94b5bc4d469187df5
- SSDEEP
  
  192:egWfhWwhivT16uDBks/nGfe4pBjS7o9sf8WebtuVaVWQ4+WTnUqnajiPNQLyhB:BWfhWlvT1Nq0GftpBjs0Z1lgeLyB
Score

1^/10
behavioral25
- Target
  
  api-ms-win-core-file-l2-1-0.dll
- Size
  
  18KB
- MD5
  
  72d542226f067dae07562fd093b0f5f0
- SHA1
  
  c0f7f85753bb351c51dd8e36ca2366a3b24c73ba
- SHA256
  
  e8e3550084cf30e16b16216266bc73b07c1a05bbfd94ee3f645122d3d167d7e6
- SHA512
  
  2fbf32b38852def53891a73b9b33f33de96ca09102baa8c37f02d1b3d5076b26d2a32f2e79aab1009dc5b2464abf50c956c797ba4321fd37ea13900753a1d182
- SSDEEP
  
  384:rVKWfhWUC77q0GftpBj/3uOHZZZD7lGi3+4zTT:rVj8iR31ZTDbVvT
Score

1^/10
behavioral26
- Target
  
  api-ms-win-core-handle-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  3b620d81c727a8aba6dc6895af695d35
- SHA1
  
  21641bc6c802d0ada3121d14c2a8de4e708c74bc
- SHA256
  
  9aa764023ddb501050f43d1af0ff87f592ed14c4f022ba58270c3315386141b0
- SHA512
  
  54af2248017db94ef81a5c4ba6496127f1e305e292bd165563929dd88ad756b15edb5f0e2e3da367581c0c9cd92e04699e28bcac12130299949b13267414d228
- SSDEEP
  
  192:gWfhWpJJo7kuDBks/nGfe4pBjSH/72+R8WebtuVaVWQ4CWlW1Bqnaj87X/f4CXkZ:gWfhWnC77q0GftpBjMMZPHl9V+HW
Score

1^/10
behavioral27
- Target
  
  api-ms-win-core-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  d54e0da17090c6911db3fd0770faf91e
- SHA1
  
  5538096f53b4160ef2e91987d57d2da0ddb9b6ba
- SHA256
  
  17415ecd7f34def148a91defe99155b71c8048e253315b2d24d499b99207f618
- SHA512
  
  680142c329f6ab44cfeb7eb1572f296918866c9ca3ac9e66ae13ef38d79dadac9bf367e6dc6655c7e404cb6b243f3518639acd9cbcd9a37da5812823d43886d3
- SSDEEP
  
  192:zZliWfhWNuVTBuDBks/nGfe4pBjSfC0Zj8WebtuVaVWQ4yWrVqnaj6Q8vwSEitH0:1liWfhWkTMq0GftpBjh5Z4l78oS/Tm
Score

1^/10
behavioral28
- Target
  
  api-ms-win-core-interlocked-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  2ca477f1799fc97d6bd05437bdfd0017
- SHA1
  
  31feb0b42e9237cddc5e47c3f4a076de86ca600e
- SHA256
  
  e81e0d9b2b09524e5790617547bb8bd8ef3dacdd001bd19057c4f8943d996227
- SHA512
  
  c0c991341619548e6944a78a090e1dd942140342d8cb77f41ba559b56034dc46a3ac731d2e2e67a7de1f6a65e26ca0c6a3eb358124a03eab55c2b5d061b64717
- SSDEEP
  
  192:XWfhWw6ivT16uDBks/nGfe4pBjS7118WebtuVaVWQ4+WwCqnajjpxf5in0o:XWfhWqvT1Nq0GftpBj5ZElBPinb
Score

1^/10
behavioral29
- Target
  
  api-ms-win-core-libraryloader-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  d6db1a6b5087a82e766fe7e9f818c135
- SHA1
  
  d786b2d8ab10edf0e893fcfbf52b03bceb15f53a
- SHA256
  
  f9457d0ddfa864e4bb383759bd7bbae961098055216b0b7d7d40c11084a1561d
- SHA512
  
  6118ed237839a49567340aca7a76d8ea366537942da060d4afc0399a88603f7f02a93c061be4475f35599d3cab8233f3925a491f4aa094bfbecd2adc5d3e65f1
- SSDEEP
  
  384:3vuBL3BtWfhW1Q7q0GftpBjqeZ6vSlxBup:mBL3Bq9i0e9+
Score

1^/10
behavioral30
- Target
  
  api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  55902b92bbbca7a2d11a946297f583e6
- SHA1
  
  b6158f009d98a98ed2e56d377f9c4b6323b852fc
- SHA256
  
  2dea4ae5df0f7daa37e26dd0f9232f867884f57e850aa85062594b54f3a81e98
- SHA512
  
  85e0df8a390260e4e0cc0a9372dfd3c55464486812926775a5f9f5767157b88783e03701b1f1c28f34e822b21ea7436c3e8270df58f8de3ec1b15f68b633f4fd
- SSDEEP
  
  384:DmDEhROMw3zdp3bwjGjue9/0jCRrndbPgWfhWk80aq0GftpBjgNZa7q3lxBug:xOMwBprwjGjue9/0jCRrndbJciqNzj
Score

1^/10
behavioral31
- Target
  
  api-ms-win-core-memory-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  8fc176a3a6550f90e73d6da8445e8780
- SHA1
  
  5d249243678a789ce56037d0d1b36420d97dce06
- SHA256
  
  65bd14bfc1f14c35e345412ba5e9642e7f6c286f95de014c0f3af100e88b4467
- SHA512
  
  808daa3369df6704151b67f246eed90cc32d9110653faf06e973b97900003c8b7dc26095abf420d5c078e9546699c4b3debaf410819cd6060d3feb481576eefa
- SSDEEP
  
  192:gOWfhWpHJo7kuDBks/nGfe4pBjSHubs1nfi8WebtuVaVWQ4CWRXqnajnp+MVo/4t:gOWfhWlC77q0GftpBjU1VZ0ldBogfxW
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Adds Run key to start application

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32