2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633

Sharing

Copy URL

Twitter E-mail

General

Target

Bluestacks.exe
Size

82.3MB
Sample

240309-sawsdsbb6w
MD5

53dc6effef082481a582f82103a9b67a
SHA1

bb60a4acb80da5caac2bea3c48e2e3bee8008aff
SHA256

2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633
SHA512

f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed
SSDEEP

1572864:J/WHHr90/uSk/QYMfO0MxwKLorrXmz8oifcxjgnrcIzOAEsNsAtnbRP57:J/8L9EuSkmOXXLKrXmzcIgbqAz/1D7

Score

8^/10

Malware Config

Targets

- Target
  
  Bluestacks.exe
- Size
  
  82.3MB
- MD5
  
  53dc6effef082481a582f82103a9b67a
- SHA1
  
  bb60a4acb80da5caac2bea3c48e2e3bee8008aff
- SHA256
  
  2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633
- SHA512
  
  f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed
- SSDEEP
  
  1572864:J/WHHr90/uSk/QYMfO0MxwKLorrXmz8oifcxjgnrcIzOAEsNsAtnbRP57:J/8L9EuSkmOXXLKrXmzcIgbqAz/1D7
Score

8^/10

persistence spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Your information.exe
- Size
  
  158.3MB
- MD5
  
  3de6fa8d295fc135b08940248b7d72c1
- SHA1
  
  c222f8e1b3671d7f2b1a6266036e03694e3825d1
- SHA256
  
  441c7f81716edb497068b6fc5c8ff780545a3133a8be5aecdb984ef26329fb5d
- SHA512
  
  13a2eadc9d5f8a15a27039416320fa9a3abd066879033c3d4dd38702d95e86b66bc3c73c5186cf80b27ae257d8a7785b244bae9e7910bf84043dfffecba367a7
- SSDEEP
  
  1572864:SdPcKUXsjgWcPlYufjnCtdTG1pTkvqN3PN5g9qPKFTQyun+9qS/ALy/s88IcgDFf:F1os5I8Ax
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  locales/de.pak
- Size
  
  477KB
- MD5
  
  7ccdc41a3dbdf89058d71629225664ae
- SHA1
  
  e15c35b18685d9573349ff4247733b5f5ada8717
- SHA256
  
  163ea4c2cf67edd0526a8e18d3810872e92a1d4e17b5cf4f04107fda5967b0c9
- SHA512
  
  13b20b0db02a0a7480c56c79304ef594353507e1a30da0130b73aa8e9ec7636f306315a6f40729b10dc725f936642d2e2b282ed3040a079a6f25a7f9f7f1ae28
- SSDEEP
  
  6144:hHb3YfHLHsf63K7UpTzighla/nxDUBEmw3Am0o268dz5qRwT1MROI+ChF:yzY63K7UpCgvaPhf0p5q9+ChF
Score

1^/10
behavioral5 behavioral6
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral7 behavioral8