General

  • Target

    BlueStacks10Installer_10.4.70.1002_native_b91c48101bfc7a192845165c24b6b96c_MzsxNSwwOzUsMTsxNSw0OzE1.exe

  • Size

    899KB

  • Sample

    231116-3hs2ksbf47

  • MD5

    fed49c1d7213ed9907974d72af383d5b

  • SHA1

    820c57f167ad2ec371a4a2b2435496395d77b578

  • SHA256

    2e3df69c779df08163bdc0366f7dcb66b1a1c49e1dff33d21c98753a65abc089

  • SHA512

    5446b84243d7a604cded3fcf7383d7ff0fdfba2bcf43c439f3edfe02ab3050b9cd612d93c61521696899c500d571d98dedde1eff6b076955c1fc6dfdf7e32026

  • SSDEEP

    12288:livtCXQd0gjKX7zuqGKEFGPDy1xrqNFpMUFtlMx9T7FBZguJrwzncLuwng:livtCXWeGKEFGXFmUBOvhEzncL5ng

Targets

    • Target

      BlueStacks10Installer_10.4.70.1002_native_b91c48101bfc7a192845165c24b6b96c_MzsxNSwwOzUsMTsxNSw0OzE1.exe

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
