General
-
Target
BlueStacksXsetup.exe
-
Size
1.1MB
-
Sample
230924-wca59agf8w
-
MD5
6df424c55004064f017e0b39a2253448
-
SHA1
30182c240002c1bcfedb0d3b44b0e2c57a13a2db
-
SHA256
faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29
-
SHA512
a09d3f7f9d173b176ad15e9ef94571dfac6783b6786258b300ff0ab83fcf16100c1ffbf1153648d9ff3de7b13bb967b59794f921f21285028be98411bd9e607f
-
SSDEEP
24576:+b69qHDABLqjL1M0HpccZoW6eq/oF5HPGys:5AtX60HpccGWRqwvGN
Static task
static1
Behavioral task
behavioral1
Sample
BlueStacksXsetup.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
BlueStacksXsetup.exe
Resource
win10-20230831-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1155120137612034188/cdy5wHbWmzOOyiX6nZbn5OlBuBidB8er7f1281hl7JRUP1iVFGnh9s57SwGqJtsdtgrx
Targets
-
-
Target
BlueStacksXsetup.exe
-
Size
1.1MB
-
MD5
6df424c55004064f017e0b39a2253448
-
SHA1
30182c240002c1bcfedb0d3b44b0e2c57a13a2db
-
SHA256
faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29
-
SHA512
a09d3f7f9d173b176ad15e9ef94571dfac6783b6786258b300ff0ab83fcf16100c1ffbf1153648d9ff3de7b13bb967b59794f921f21285028be98411bd9e607f
-
SSDEEP
24576:+b69qHDABLqjL1M0HpccZoW6eq/oF5HPGys:5AtX60HpccGWRqwvGN
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-