General

  • Target

    BlueStacksMicroInstaller_5.14.22.1003_native.exe

  • Size

    900KB

  • Sample

    240406-hkleasch5z

  • MD5

    4611f5bcd1dce6d2d0e0bfafdbc70c84

  • SHA1

    5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128

  • SHA256

    71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2

  • SHA512

    a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

  • SSDEEP

    24576:9ivtCXWeGKoFGMO0Ut0gnMAsw6DqpOYYR5:AtCXWP9c8+M3ZT5

Targets

    • Target

      BlueStacksMicroInstaller_5.14.22.1003_native.exe

    • Size

      900KB

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
