6006c51c2533c319b423010f72c7cca70913311323604f4e2ed7e297eb6d44ec | Triage

Sharing

General

Target

BlueStacks10Installer_10.0.20.1012_native_7e64d003a429ad5c9f9cba5d903cd01d_MzsxNSwwOzUsMTsxNSw0OzE1.exe
Size

892KB
Sample

230520-rqwxnacg27
MD5

83d07ce704fed3b934a4b692e3dca8ad
SHA1

21d5e1a9c209d6764cc7b42eee4d332815e6c980
SHA256

6006c51c2533c319b423010f72c7cca70913311323604f4e2ed7e297eb6d44ec
SHA512

b9f7f50cb506f6e2b35635c0ce4b50984eb342b459ad9954d6368dfb0a8eed93f0269e54ffdf91e82770ac780e970ff106e91dc6406adcdd743d3446a9b43471
SSDEEP

12288:bivtCXQd0gjKX7zuqGKoFGPDy1xSrIWKemQpbsQlpI3QL16k89mTYG3If:bivtCXWeGKoFGdWunIAEkhT3Yf

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  BlueStacks10Installer_10.0.20.1012_native_7e64d003a429ad5c9f9cba5d903cd01d_MzsxNSwwOzUsMTsxNSw0OzE1.exe
- Size
  
  892KB
- MD5
  
  83d07ce704fed3b934a4b692e3dca8ad
- SHA1
  
  21d5e1a9c209d6764cc7b42eee4d332815e6c980
- SHA256
  
  6006c51c2533c319b423010f72c7cca70913311323604f4e2ed7e297eb6d44ec
- SHA512
  
  b9f7f50cb506f6e2b35635c0ce4b50984eb342b459ad9954d6368dfb0a8eed93f0269e54ffdf91e82770ac780e970ff106e91dc6406adcdd743d3446a9b43471
- SSDEEP
  
  12288:bivtCXQd0gjKX7zuqGKoFGPDy1xSrIWKemQpbsQlpI3QL16k89mTYG3If:bivtCXWeGKoFGdWunIAEkhT3Yf
Score

8^/10

discovery evasion
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3