General

  • Target

    BlueStacksInstaller_5.21.0.1043_native_51e0fedbd354946831003e8498a3b3cf_MDs1LDM7MTUsMTsxNSw0OzE1.exe

  • Size

    910KB

  • Sample

    240302-3j92gsag96

  • MD5

    80ff5d3b21f79bef9376b9a8867167da

  • SHA1

    9f282460ebc7297939c8f8dc0daa667e18a45d0a

  • SHA256

    1e6004b45a0f41da07ca7e3cfe7530ebddaebfad05c13023ca16cef94b9265a0

  • SHA512

    4c12153afa3ad66ab2cb6fdcd11ff868eead53f879b06c3f05fe9c5196c8c47b90206a5f88571783ecc203495738fc48508f8bcc679d0e82f9536556c58ba9b2

  • SSDEEP

    12288:CivtCXQd0gjKX7zuqGKcD779TxgE98I17YpNgc8gJ67yY9lAFmNek7ra8MDVFnKg:CivtCXWeGKc9Txt9Okc/WmSrLbLvhYh

Malware Config

Targets


    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

MITRE ATT&CK Enterprise v15

Tasks