Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

BlueStacks...ve.exe

windows7-x64

4

BlueStacks...ve.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlueStacksMicroInstaller_5.14.22.1003_native.exe

  • Size

    900KB

  • Sample

    240406-hkleasch5z

  • MD5

    4611f5bcd1dce6d2d0e0bfafdbc70c84

  • SHA1

    5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

  • SHA256

    71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

  • SHA512

    a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

  • SSDEEP

    24576:9ivtCXWeGKoFGMO0Ut0gnMAsw6DqpOYYR5:AtCXWP9c8+M3ZT5

Score
8/10
discoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      BlueStacksMicroInstaller_5.14.22.1003_native.exe

    • Size

      900KB

    • MD5

      4611f5bcd1dce6d2d0e0bfafdbc70c84

    • SHA1

      5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

    • SHA256

      71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

    • SHA512

      a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

    • SSDEEP

      24576:9ivtCXWeGKoFGMO0Ut0gnMAsw6DqpOYYR5:AtCXWP9c8+M3ZT5

    Score
    8/10
    discoveryevasionpersistencespywarestealer

    • Stops running service(s)

      evasion

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Process Discovery

1
T1057

Query Registry

5
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks