f826bc4549da45da0a68e9b33bb17383e43c27c99302a34808e02b4c170639ef

Sharing

Copy URL

Twitter E-mail

General

Target

BattleBorns 1.0.0.exe
Size

73.6MB
Sample

250122-je84vawkfj
MD5

d7eab533e4d6aaa2c1939f5e0c4a08a6
SHA1

5ea83a365059420227d97a426c60639e12696293
SHA256

f826bc4549da45da0a68e9b33bb17383e43c27c99302a34808e02b4c170639ef
SHA512

dd834b0a54fb058c39af81d0ba5c74f4234360847552ae62c51b38faf0b3d9dd2d7f62606d730f1ffa09dfee4d1d82d66f816fba9dcde1a817fb5a3bf110fb52
SSDEEP

1572864:XLdkaYfm2idlAvEmBJhr0uyWXdwiI0aUANk4/yHqdRt38oFHcz7:X2tOlAcmPyuwiI0OaKF88+7

Score

8^/10

Malware Config

Targets

- Target
  
  BattleBorns 1.0.0.exe
- Size
  
  73.6MB
- MD5
  
  d7eab533e4d6aaa2c1939f5e0c4a08a6
- SHA1
  
  5ea83a365059420227d97a426c60639e12696293
- SHA256
  
  f826bc4549da45da0a68e9b33bb17383e43c27c99302a34808e02b4c170639ef
- SHA512
  
  dd834b0a54fb058c39af81d0ba5c74f4234360847552ae62c51b38faf0b3d9dd2d7f62606d730f1ffa09dfee4d1d82d66f816fba9dcde1a817fb5a3bf110fb52
- SSDEEP
  
  1572864:XLdkaYfm2idlAvEmBJhr0uyWXdwiI0aUANk4/yHqdRt38oFHcz7:X2tOlAcmPyuwiI0OaKF88+7
Score

8^/10

discovery credential_access spyware stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  BattleBorns.exe
- Size
  
  168.1MB
- MD5
  
  c0bd81a62fb42064a4476b7e65a25d2f
- SHA1
  
  49d6b03cb58716d529782ab67353a7e0ffcc5074
- SHA256
  
  ace9638b241865efe2a4a218b5831eb4236b92ec30f17fd31a6162b19162e63e
- SHA512
  
  d56145f3b90e453cde1f5329bdd46d15e0c3c2fe28d2b712d4366a65f3dd6eea1f18a4addca970736334f417096d78b7318e86a662cf49b69f176a7422ae4de2
- SSDEEP
  
  1572864:kgRMg/aKxl4b7qCDQtjovZT78wLF2pArKgDz6ObiISXD+Dyj3eRalD2kGpTe/2Hk:og/geeFXzGa9Fz
Score

8^/10

credential_access discovery spyware stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  8.7MB
- MD5
  
  bd0ced1bc275f592b03bafac4b301a93
- SHA1
  
  68776b7d9139588c71fbc51fe15243c9835acb67
- SHA256
  
  ad35e72893910d6f6ed20f4916457417af05b94ab5204c435c35f66a058d156b
- SHA512
  
  5052ae32dae0705cc29ea170bcc5210b48e4af91d4ecec380cb4a57ce1c56bc1d834fc2d96e2a0f5f640fcac8cafe4a4fdd0542f26ca430d76aa8b9212ba77aa
- SSDEEP
  
  24576:KPQQ/6MP6P5d1n+wRcXe1Lmfpm6k626D6b6+eGnkywBIpv:Cy8OeG8k
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral11
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  8f3d89744ae11b0925faf4b64890d0d7
- SHA1
  
  6a8f744be1f76e9ad28287d969d8d24f5f1e7623
- SHA256
  
  11daf2bf89a3ac660533b3e487e0624668b35f45d2bd94e9b0324bce8758de60
- SHA512
  
  250c06e70276c08d3d8a63744af6c570b6288e1d8fed8deed915c79bf0a80c3cd0a7e64c55a16fcbc50ccbcbc9910b26f87983ceeea8ed28a75c1b8ec22db53f
- SSDEEP
  
  49152:G9T1onpO0KVy2xq6To8i4BZy7+niuoen6yfzv9x0WFJDI:upKNMo8rBYinp/FFJM
Score

1^/10
behavioral12 behavioral13
- Target
  
  libEGL.dll
- Size
  
  468KB
- MD5
  
  f1fe23058e7eece1de389a0c882bc1ad
- SHA1
  
  e83b15d2bbcb6fb2867651a2a9797ed3b6827947
- SHA256
  
  a4336a318e8d92a47843d5fe429dc6d1ff7271d8bac189d719bc8074a128fd6e
- SHA512
  
  d7d51fcb05542fa81e871dd9f1dd960c363107d1c25311dcbf81e440d1275054c121a788def8dbae47c129e95fd990042e2d39e6ef2bdfb253a114146eb33973
- SSDEEP
  
  3072:0Jk+JyNnPUXhbZ/+a1KYsjNDsrJg3qkrzxwbP6wvEMrwrD7Qy/x6TYtaoB+YEB0+:qbTcZ6+lOP9rmD7QMYYtaFy951wj5ze
Score

1^/10
behavioral14 behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  76141455cd2705897d38e9785117e405
- SHA1
  
  ee091646b6273bf006cfcd84fd54384b0a9d0e0f
- SHA256
  
  7b0baa9e2e731716efe3e0bebf6a0bcd2d64f35d9f62b20d23acb4e098c9be36
- SHA512
  
  551b79aaffdc469448477aa72554458235f118559eecc567c232599a4193b2639c14eafacad533485089af58701aeabee690b43f36e41342f928d4973efc02e1
- SSDEEP
  
  98304:9x8EI0RtffaYFH3lV5D3u31okx/6bXm3q:LhXfTFHmoKgCq
Score

1^/10
behavioral16 behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
- Size
  
  412B
- MD5
  
  0b33e83d33b01a51625a0fdcbef42ce3
- SHA1
  
  1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
- SHA256
  
  a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
- SHA512
  
  1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c
Score

3^/10

execution
behavioral18 behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.node
- Size
  
  137KB
- MD5
  
  04bfbfec8db966420fe4c7b85ebb506a
- SHA1
  
  939bb742a354a92e1dcd3661a62d69e48030a335
- SHA256
  
  da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
- SHA512
  
  4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65
- SSDEEP
  
  3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/classic-level/binding.js
- Size
  
  54B
- MD5
  
  5592afbf198fe53d9640fceae506ad91
- SHA1
  
  f6dc07d408612af023f29d9a89e4d4316cc313a0
- SHA256
  
  4e02fde8f9c61fef6fc42d64744b150de29a578dd7b6343d9dc2654c68d61843
- SHA512
  
  3cae4007e91816ae95323c907800e4fa5dc5dbf25bfc43abd4e84b3dc1c45daf5d5610c3bf8c24cae4001ca1042f984dc787e99daf6c5f89725a28913f43968a
Score

3^/10

execution
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/classic-level/chained-batch.js
- Size
  
  740B
- MD5
  
  dbbfd85c2242e79d2612f3533eb89812
- SHA1
  
  bf56b74c2dc700375ef15c7930476e30b3baa6fb
- SHA256
  
  33704ce152c1766575c2281a614577a4717da58de11a8a539ecb3d8a21462c3c
- SHA512
  
  8e92e44c7dc296654422c80add587fb81cd68115babb210488030a55485f8f606774a5ba7ec6ca3a145badbe610b7a03b734503bb729d2968387879a0d948144
Score

3^/10

execution
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/classic-level/deps/leveldb/leveldb-1.20/build_detect_platform
- Size
  
  8KB
- MD5
  
  3021cc5b1c3d933bdb00788bf5300774
- SHA1
  
  7cbc10024c233b38e2dbecf662195412372d1ffc
- SHA256
  
  2ef00646363c66676faaea740fdddf845eb935e421813893251a4274c35d27cb
- SHA512
  
  b0a00cc576b8b79b5406fc7af0ab59ce84cbd60646f522f3d3db7f18637a3a2b7cc4d74367bf61f3ed304a944489ddfd5b3acdbb69335c78101fcc9ebdfbfdde
- SSDEEP
  
  96:e6FS5141sR55rdhe7ZLVCB7jvlijCpb/5QykD9imU7aID4j8lDaMjjgA3aCn1zfu:T7NVCBEDceIuIe8OCzWl2inkQAlQb
Score

1^/10
behavioral26 behavioral27 behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/classic-level/index.js
- Size
  
  5KB
- MD5
  
  57ed9b7559387e176fda18bc6c5eeeab
- SHA1
  
  c9b9c636c189d08f2657dcb5e2d65c7cb36a4796
- SHA256
  
  4797dffb89c3243faa75271440059e9982c0ec11f23b56c943cf1bbefbf03976
- SHA512
  
  bacd50b5fdf7ea55133fcb4c3f0e1b1ae5996fd3946d55bc27f30221114b51dfb3d7d04af35939207453513746a3ebb01ef1f50db162a2a497684ae79c3cf56d
- SSDEEP
  
  96:9p1I7VTQm3dCdbmbh2AgRho1Fgf4D9vR5o1Fgfxy9vKLQWi75ctGIORkyzDy/HP:D1I7VMm3dChUh9U61Fc455S1FcxAa0cb
Score

3^/10

execution
behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/classic-level/iterator.js
- Size
  
  2KB
- MD5
  
  57ad1dd550f7f71c7344eafd6708bdc4
- SHA1
  
  93735c53ae9341e32486fcb0bf4d683d2f05a3bb
- SHA256
  
  20e41a3c897aa1acd2abc9390b12d522ba401010cd6562698dfc1b9f98b2f6ca
- SHA512
  
  fa8ec62f661f8b25118cb15247567b2cee7aefec85d3384b61260671d4ade9c862de0734dd7a281ad9ba346631dfd8dc2d5d5ce17aeb42753677eb9478579aaa
Score

3^/10

execution
behavioral32