Overview

overview

8

Static

static

1

BlueStacks...E1.exe

windows7-x64

8

BlueStacks...E1.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlueStacksInstaller_5.11.41.1005_native_9db1e01872c2f6a84e7f67138fe3e140_MzsxNSwwOzUsMTsxNSw0OzE1.exe

  • Size

    899KB

  • Sample

    230331-v6mkpscb36

  • MD5

    9f8a38bb72af8005f9ee7ad03d091aae

  • SHA1

    b1bb8838168cce0bec65209d6d9f677f8faefe39

  • SHA256

    9204ba83eb7eb818bc2b0e4d627e2bda31ce3aee8ee578115442262276e11746

  • SHA512

    1ca6e93f32aeef525554fc71330fb6c738a83307a55bc628d023ef59025960df03b8df0e43773e708236771b29cac25e981f6860d144c08f359ef3ff86fcfd82

  • SSDEEP

    12288:CivtCXQd0gjKX7zuqGKPFGPDy1x4Od57pn2riptda/L13uSEQRJyP/ZxG:CivtCXWeGKPFGF8KaAPEQLW/rG

Score
8/10
discoveryevasion

Malware Config

Targets

    • Target

      BlueStacksInstaller_5.11.41.1005_native_9db1e01872c2f6a84e7f67138fe3e140_MzsxNSwwOzUsMTsxNSw0OzE1.exe

    • Size

      899KB

    • MD5

      9f8a38bb72af8005f9ee7ad03d091aae

    • SHA1

      b1bb8838168cce0bec65209d6d9f677f8faefe39

    • SHA256

      9204ba83eb7eb818bc2b0e4d627e2bda31ce3aee8ee578115442262276e11746

    • SHA512

      1ca6e93f32aeef525554fc71330fb6c738a83307a55bc628d023ef59025960df03b8df0e43773e708236771b29cac25e981f6860d144c08f359ef3ff86fcfd82

    • SSDEEP

      12288:CivtCXQd0gjKX7zuqGKPFGPDy1x4Od57pn2riptda/L13uSEQRJyP/ZxG:CivtCXWeGKPFGF8KaAPEQLW/rG

    Score
    8/10
    discoveryevasion

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks