General
Target: BlueStacksMicroInstaller_4.280.1.1002_native_e8c808cb017c46f465f6562b28124796.exe
Size: 1.2MB
Sample: 240424-n4qq1she8z
MD5: b9aad0362d8ed8316b0ecc1cedb7fafd
SHA1: bec1947281d9f39a6bdf33c46fe1514214ec37fe
SHA256: 8614abe7235f3750a5014e381149c51f0dce2b58aea794cfd4aaef91370ace08
SHA512: 36eff8621ea91c081ed08116dc3dcfd19bfd970de0277790530e8807c8b5113a2df62693629d355b01a6bfb91a11ae28ca5295143072b8ac0d7d007a4360505f
SSDEEP: 24576:UcVkKS/WtWrnngnnnKnanxNpDcexw6kPEmEi90YAVk8B1MxWl+2w0NNx29sWD9k9:UcB6WErnngnnnKnanzSexoNfv8B1Mk+K
Static task: static1
Behavioral task: behavioral1
  Sample: BlueStacksMicroInstaller_4.280.1.1002_native_e8c808cb017c46f465f6562b28124796.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: BlueStacksMicroInstaller_4.280.1.1002_native_e8c808cb017c46f465f6562b28124796.exe
  Resource: win10v2004-20240412-en
Malware Config
Targets
Target: BlueStacksMicroInstaller_4.280.1.1002_native_e8c808cb017c46f465f6562b28124796.exe
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Adds Run key to start application
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.