Overview

Analysis tabs (score badge per tab, out of 10):
Overview: 8
Static: 3
Bluestacks.exe (windows7-x64): 7
Bluestacks.exe (windows10-2004-x64): 8
Your information.exe (windows7-x64): 1
Your information.exe (windows10-2004-x64): 7
locales/de.ps1 (windows7-x64): 1
locales/de.ps1 (windows10-2004-x64): 1
resources/elevate.exe (windows7-x64): 1
resources/elevate.exe (windows10-2004-x64): 1

General
Target: Bluestacks.exe
Size: 82.3MB
Sample: 240309-sawsdsbb6w
MD5: 53dc6effef082481a582f82103a9b67a
SHA1: bb60a4acb80da5caac2bea3c48e2e3bee8008aff
SHA256: 2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633
SHA512: f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed
SSDEEP: 1572864:J/WHHr90/uSk/QYMfO0MxwKLorrXmz8oifcxjgnrcIzOAEsNsAtnbRP57:J/8L9EuSkmOXXLKrXmzcIgbqAz/1D7
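As an added example (not part of the sandbox report and not code from either sample), the following Python script hashes a file on disk in one pass and checks it against the digests the report lists for this sample's targets, so a file you are holding can be tied to exactly the bytes the sandbox ran rather than to a filename. The digest table is copied from the report's Targets section; ssdeep is left out because it needs a third-party library and a fuzzy match is a weaker claim than an exact one. The script name used in the usage line is an assumption.

```python
"""Check a file on disk against the hash table in the sandbox report.

Added example, not part of the report or of any project. The digests below are
copied from the report's Targets section (ssdeep omitted: needs a third-party
library, and a fuzzy match is a weaker claim than an exact one).
"""
import hashlib
import sys
from typing import Dict, Iterable, List

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Exact digests from the report. A file matching these is the same bytes the
# sandbox analysed, not merely a file with the same name.
REPORT_TARGETS: Dict[str, Dict[str, str]] = {
    "Bluestacks.exe": {
        "md5": "53dc6effef082481a582f82103a9b67a",
        "sha1": "bb60a4acb80da5caac2bea3c48e2e3bee8008aff",
        "sha256": "2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633",
        "sha512": "f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed",
    },
    "Your information.exe": {
        "md5": "3de6fa8d295fc135b08940248b7d72c1",
        "sha1": "c222f8e1b3671d7f2b1a6266036e03694e3825d1",
        "sha256": "441c7f81716edb497068b6fc5c8ff780545a3133a8be5aecdb984ef26329fb5d",
        "sha512": "13a2eadc9d5f8a15a27039416320fa9a3abd066879033c3d4dd38702d95e86b66bc3c73c5186cf80b27ae257d8a7785b244bae9e7910bf84043dfffecba367a7",
    },
    "locales/de.pak": {
        "md5": "7ccdc41a3dbdf89058d71629225664ae",
        "sha1": "e15c35b18685d9573349ff4247733b5f5ada8717",
        "sha256": "163ea4c2cf67edd0526a8e18d3810872e92a1d4e17b5cf4f04107fda5967b0c9",
        "sha512": "13b20b0db02a0a7480c56c79304ef594353507e1a30da0130b73aa8e9ec7636f306315a6f40729b10dc725f936642d2e2b282ed3040a079a6f25a7f9f7f1ae28",
    },
    "resources/elevate.exe": {
        "md5": "792b92c8ad13c46f27c7ced0810694df",
        "sha1": "d8d449b92de20a57df722df46435ba4553ecc802",
        "sha256": "9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37",
        "sha512": "6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40",
    },
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash a stream once for every algorithm in ALGORITHMS (single read pass)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file in 1 MiB chunks; the samples here are 80-160 MB."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: Dict[str, str], targets=REPORT_TARGETS) -> List[str]:
    """Names of report targets whose digests agree with `digests`.

    Every algorithm present on both sides must agree; one disagreeing algorithm
    rejects the target, so a lone MD5 collision cannot produce a match.
    """
    matches = []
    for name, expected in targets.items():
        common = set(expected) & set(digests)
        if common and all(digests[a].lower() == expected[a].lower() for a in common):
            matches.append(name)
    return matches


def main(argv: List[str]) -> int:
    if len(argv) != 2:
        print("usage: check_hashes.py <file>", file=sys.stderr)  # script name assumed
        return 2
    digests = digest_file(argv[1])
    for name in ALGORITHMS:
        print(f"{name}: {digests[name]}")
    hits = match_report(digests)
    if hits:
        print("matches report target(s): " + ", ".join(hits))
        return 0
    print("no match in report")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exit status 0 means every algorithm computed agreed with one of the report's targets. A SHA-256 match on its own is sufficient in practice; the MD5 and SHA-1 columns are there for cross-referencing older feeds, not as grounds for trust, which is why the matcher refuses a target as soon as any one algorithm disagrees.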
Static task: static1

Behavioral tasks (task: sample, resource):
behavioral1: Bluestacks.exe, win7-20240221-en
behavioral2: Bluestacks.exe, win10v2004-20240226-en
behavioral3: Your information.exe, win7-20231129-en
behavioral4: Your information.exe, win10v2004-20240226-en
behavioral5: locales/de.ps1, win7-20240221-en
behavioral6: locales/de.ps1, win10v2004-20240226-en
behavioral7: resources/elevate.exe, win7-20240221-en
behavioral8: resources/elevate.exe, win10v2004-20240226-en
Malware Config

Targets

Target: Bluestacks.exe
Size: 82.3MB
MD5: 53dc6effef082481a582f82103a9b67a
SHA1: bb60a4acb80da5caac2bea3c48e2e3bee8008aff
SHA256: 2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633
SHA512: f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed
SSDEEP: 1572864:J/WHHr90/uSk/QYMfO0MxwKLorrXmz8oifcxjgnrcIzOAEsNsAtnbRP57:J/8L9EuSkmOXXLKrXmzcIgbqAz/1D7
Score: 8/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: Your information.exe
Size: 158.3MB
MD5: 3de6fa8d295fc135b08940248b7d72c1
SHA1: c222f8e1b3671d7f2b1a6266036e03694e3825d1
SHA256: 441c7f81716edb497068b6fc5c8ff780545a3133a8be5aecdb984ef26329fb5d
SHA512: 13a2eadc9d5f8a15a27039416320fa9a3abd066879033c3d4dd38702d95e86b66bc3c73c5186cf80b27ae257d8a7785b244bae9e7910bf84043dfffecba367a7
SSDEEP: 1572864:SdPcKUXsjgWcPlYufjnCtdTG1pTkvqN3PN5g9qPKFTQyun+9qS/ALy/s88IcgDFf:F1os5I8Ax
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
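The signature names listed for Bluestacks.exe and for Your information.exe are the sandbox's behavioural rules, and the report only gives their one-line descriptions. As an added example (not the sandbox's own signature code, and not taken from either sample), the following Python evaluates the five file, registry and network signatures the two lists share over a constructed event trace, with the ordering rule that "dropped" means written by the sample earlier in the same trace. The registry paths (HKCU\Control Panel\International\Geo\Nation for the location check; the CurrentVersion\Run and RunOnce keys for persistence) and the list of IP-lookup hosts are my assumptions about what such rules inspect; the event trace is made up for the demo and is not sandbox output.

```python
"""Evaluate the report's behavioural signatures over a constructed event trace.

Added example: this is not the sandbox's signature engine and nothing here is
taken from the analysed samples. Registry paths and IP-lookup hosts below are
assumptions about what such rules look at.
"""
from typing import Dict, Iterable, List, Set

Event = Dict[str, str]

# Assumed: Windows keeps the user's GeoID (country code) under this key, which
# is what a geofence check would read.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
# Assumed: classic autostart locations behind "Adds Run key to start application".
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Illustrative list of public "what is my IP" services; not from the report.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io",
                   "icanhazip.com", "checkip.amazonaws.com"}


def evaluate(events: Iterable[Event]) -> Set[str]:
    """Return the names of the report's signatures that the trace triggers.

    A process image or DLL only counts as "dropped" if its path appeared in a
    file_write event earlier in the trace; the order of events matters.
    """
    hits: Set[str] = set()
    dropped: Set[str] = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "reg_read" and ev["key"].lower().endswith(GEO_KEY_SUFFIX):
            hits.add("Checks computer location settings")
        elif kind == "reg_write" and ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
            hits.add("Adds Run key to start application")
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif kind == "image_load":
            path = ev["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits.add("Loads dropped DLL")
        elif kind == "http_request" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
    return hits


# Constructed trace for the demo (not sandbox output), ordered like a real run:
# read the location setting, drop files, persist, run the dropped EXE, load the
# dropped DLL, then ask a public service for the external IP. The cmd.exe and
# kernel32.dll events are there to show that non-dropped images do not count.
SAMPLE_TRACE: List[Event] = [
    {"type": "reg_read", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "reg_read", "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"},
    {"type": "file_write", "path": r"C:\Users\user\AppData\Roaming\updater\host.exe"},
    {"type": "file_write", "path": r"C:\Users\user\AppData\Roaming\updater\ffmpeg.dll"},
    {"type": "reg_write", "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\user\AppData\Roaming\updater\host.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "image": r"C:\Users\user\AppData\Roaming\updater\host.exe"},
    {"type": "image_load", "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "image_load", "path": r"C:\Users\user\AppData\Roaming\updater\ffmpeg.dll"},
    {"type": "http_request", "host": "api.ipify.org", "url": "https://api.ipify.org/?format=json"},
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_TRACE)):
        print("triggered:", name)
```

On its own, "Checks computer location settings" is weak evidence: plenty of legitimate installers read the GeoID to pick a locale, which is why the report itself hedges with "likely geofence". The combination that raises a score is the one the trace above reproduces: a location read, a freshly written executable registered under a Run key, and an external-IP lookup, which together say the program wants to know where it is, survive a reboot, and report back.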
Target: locales/de.pak
Size: 477KB
MD5: 7ccdc41a3dbdf89058d71629225664ae
SHA1: e15c35b18685d9573349ff4247733b5f5ada8717
SHA256: 163ea4c2cf67edd0526a8e18d3810872e92a1d4e17b5cf4f04107fda5967b0c9
SHA512: 13b20b0db02a0a7480c56c79304ef594353507e1a30da0130b73aa8e9ec7636f306315a6f40729b10dc725f936642d2e2b282ed3040a079a6f25a7f9f7f1ae28
SSDEEP: 6144:hHb3YfHLHsf63K7UpTzighla/nxDUBEmw3Am0o268dz5qRwT1MROI+ChF:yzY63K7UpCgvaPhf0p5q9+ChF
Score: 1/10
Signatures: none
Target: resources/elevate.exe
Size: 105KB
MD5: 792b92c8ad13c46f27c7ced0810694df
SHA1: d8d449b92de20a57df722df46435ba4553ecc802
SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score: 1/10
Signatures: none
MITRE ATT&CK Enterprise v15 (count of matching signatures per technique):
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
Defense Evasion
  Hide Artifacts (T1564): 1
    Hidden Files and Directories (T1564.001): 1
  Modify Registry (T1112): 1