2e3df69c779df08163bdc0366f7dcb66b1a1c49e1dff33d21c98753a65abc089 | Triage

Sharing

General

Target

BlueStacks10Installer_10.4.70.1002_native_b91c48101bfc7a192845165c24b6b96c_MzsxNSwwOzUsMTsxNSw0OzE1.exe
Size

899KB
Sample

231116-3hs2ksbf47
MD5

fed49c1d7213ed9907974d72af383d5b
SHA1

820c57f167ad2ec371a4a2b2435496395d77b578
SHA256

2e3df69c779df08163bdc0366f7dcb66b1a1c49e1dff33d21c98753a65abc089
SHA512

5446b84243d7a604cded3fcf7383d7ff0fdfba2bcf43c439f3edfe02ab3050b9cd612d93c61521696899c500d571d98dedde1eff6b076955c1fc6dfdf7e32026
SSDEEP

12288:livtCXQd0gjKX7zuqGKEFGPDy1xrqNFpMUFtlMx9T7FBZguJrwzncLuwng:livtCXWeGKEFGXFmUBOvhEzncL5ng

Score

8^/10

discovery evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  BlueStacks10Installer_10.4.70.1002_native_b91c48101bfc7a192845165c24b6b96c_MzsxNSwwOzUsMTsxNSw0OzE1.exe
- Size
  
  899KB
- MD5
  
  fed49c1d7213ed9907974d72af383d5b
- SHA1
  
  820c57f167ad2ec371a4a2b2435496395d77b578
- SHA256
  
  2e3df69c779df08163bdc0366f7dcb66b1a1c49e1dff33d21c98753a65abc089
- SHA512
  
  5446b84243d7a604cded3fcf7383d7ff0fdfba2bcf43c439f3edfe02ab3050b9cd612d93c61521696899c500d571d98dedde1eff6b076955c1fc6dfdf7e32026
- SSDEEP
  
  12288:livtCXQd0gjKX7zuqGKEFGPDy1xrqNFpMUFtlMx9T7FBZguJrwzncLuwng:livtCXWeGKEFGXFmUBOvhEzncL5ng
Score

8^/10

discovery evasion persistence spyware stealer
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencespywarestealer