General

  • Target

    Bluestacks.exe

  • Size

    82.3MB

  • Sample

    240309-sawsdsbb6w

  • MD5

    53dc6effef082481a582f82103a9b67a

  • SHA1

    bb60a4acb80da5caac2bea3c48e2e3bee8008aff

  • SHA256

    2b0bd3205f032277dfb324debdb75af80b47ae7a7ded0e3cd1a36596f25f3633

  • SHA512

    f6e19268991c2f8f1bc1b1169139d9b1c593348492bed3c819612267e520cdcdee71a1aed14029154b05c08eb2f17e3b0f0e290c511daea26d64fb61b6f7f4ed

  • SSDEEP

    1572864:J/WHHr90/uSk/QYMfO0MxwKLorrXmz8oifcxjgnrcIzOAEsNsAtnbRP57:J/8L9EuSkmOXXLKrXmzcIgbqAz/1D7

Targets

    • Target

      Bluestacks.exe

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Your information.exe

    • Size

      158.3MB

    • MD5

      3de6fa8d295fc135b08940248b7d72c1

    • SHA1

      c222f8e1b3671d7f2b1a6266036e03694e3825d1

    • SHA256

      441c7f81716edb497068b6fc5c8ff780545a3133a8be5aecdb984ef26329fb5d

    • SHA512

      13a2eadc9d5f8a15a27039416320fa9a3abd066879033c3d4dd38702d95e86b66bc3c73c5186cf80b27ae257d8a7785b244bae9e7910bf84043dfffecba367a7

    • SSDEEP

      1572864:SdPcKUXsjgWcPlYufjnCtdTG1pTkvqN3PN5g9qPKFTQyun+9qS/ALy/s88IcgDFf:F1os5I8Ax

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      locales/de.pak

    • Size

      477KB

    • MD5

      7ccdc41a3dbdf89058d71629225664ae

    • SHA1

      e15c35b18685d9573349ff4247733b5f5ada8717

    • SHA256

      163ea4c2cf67edd0526a8e18d3810872e92a1d4e17b5cf4f04107fda5967b0c9

    • SHA512

      13b20b0db02a0a7480c56c79304ef594353507e1a30da0130b73aa8e9ec7636f306315a6f40729b10dc725f936642d2e2b282ed3040a079a6f25a7f9f7f1ae28

    • SSDEEP

      6144:hHb3YfHLHsf63K7UpTzighla/nxDUBEmw3Am0o268dz5qRwT1MROI+ChF:yzY63K7UpCgvaPhf0p5q9+ChF

    • Score

      1/10

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    • Score

      1/10
