Overview

overview

7

Static

static

1

BlueStacks...==.exe

windows10-1703-x64

7

BlueStacks...==.exe

windows11-21h2-x64

4

Resubmissions

12/06/2024, 22:51

240612-2s3s4axfkj 7

Sharing

Copy URL Twitter E-mail

General

  • Target

    BlueStacks10Installer_10.41.210.1001_native_4da362c74ca1a4ea726d73365d4e9250_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

  • Size

    910KB

  • Sample

    240612-2s3s4axfkj

  • MD5

    d2c72208f8783ec83b123324e8093cc1

  • SHA1

    4afbc9f19f8a194bccd5216e05083e0d7617fff0

  • SHA256

    52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

  • SHA512

    03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a

  • SSDEEP

    24576:0ivtCXWeGK69Txt9OkcXGgrwPgZNYtOvLm:xtCXWPXvz5cXGcwPgZOtcLm

Score
7/10
discoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      BlueStacks10Installer_10.41.210.1001_native_4da362c74ca1a4ea726d73365d4e9250_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

    • Size

      910KB

    • MD5

      d2c72208f8783ec83b123324e8093cc1

    • SHA1

      4afbc9f19f8a194bccd5216e05083e0d7617fff0

    • SHA256

      52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

    • SHA512

      03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a

    • SSDEEP

      24576:0ivtCXWeGK69Txt9OkcXGgrwPgZNYtOvLm:xtCXWPXvz5cXGcwPgZOtcLm

    Score
    7/10
    discoveryevasionpersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Process Discovery

1
T1057

Query Registry

4
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks