Overview

overview

8

Static

static

BlueStacks...ve.exe

windows7-x64

8

BlueStacks...ve.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlueStacksMicroInstaller_5.10.110.1002_native.exe

  • Size

    797KB

  • Sample

    230202-pcs8haab3t

  • MD5

    0eae90ce111984e1383dbcab75115da8

  • SHA1

    109f68927cbdd34c1d68e281d6f16faee83c71dc

  • SHA256

    73c05ae808cf58122419e61258a8f3deeb1d0609f84b58438cf89f8c1ba45e14

  • SHA512

    af13b646ced539dd169f7ad0a094a2afa2a9670bb033cf8b894c8f6f3a7fc62a10d954bf2462abe6b81900c30425ec5ed627c70ec09273d5b7353d1b065bb7ab

  • SSDEEP

    12288:zivtCXQd0RYK1qv6qQdeRPHKmL3PYFrmlbBk4/XEPhIdcXXjdJ:zivtCXF1qv6qQOqqPYWtk4/Xw+dcD3

Score
8/10
discoveryevasion

Malware Config

Targets

    • Target

      BlueStacksMicroInstaller_5.10.110.1002_native.exe

    • Size

      797KB

    • MD5

      0eae90ce111984e1383dbcab75115da8

    • SHA1

      109f68927cbdd34c1d68e281d6f16faee83c71dc

    • SHA256

      73c05ae808cf58122419e61258a8f3deeb1d0609f84b58438cf89f8c1ba45e14

    • SHA512

      af13b646ced539dd169f7ad0a094a2afa2a9670bb033cf8b894c8f6f3a7fc62a10d954bf2462abe6b81900c30425ec5ed627c70ec09273d5b7353d1b065bb7ab

    • SSDEEP

      12288:zivtCXQd0RYK1qv6qQdeRPHKmL3PYFrmlbBk4/XEPhIdcXXjdJ:zivtCXF1qv6qQOqqPYWtk4/Xw+dcD3

    Score
    8/10
    discoveryevasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks