General

  • Target

    BlueStacks10Installer_10.41.210.1001_native_c60745bef2840a6297522126c047af08_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

  • Size

    910KB

  • Sample

    240612-rhyraa1glq

  • MD5

    d2c72208f8783ec83b123324e8093cc1

  • SHA1

    4afbc9f19f8a194bccd5216e05083e0d7617fff0

  • SHA256

    52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

  • SHA512

    03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a

  • SSDEEP

    24576:0ivtCXWeGK69Txt9OkcXGgrwPgZNYtOvLm:xtCXWPXvz5cXGcwPgZOtcLm
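
The hashes above are the usable IOCs from this report. The following is an added example (not part of the sandbox report or of the BlueStacks installer) that checks a file on disk against them and splits the installer-style filename into its fields. Only the standard library is used, so the SSDEEP value is not compared (that needs a third-party fuzzy-hash library); the field names in `parse_installer_name` (`variant`, `hex_tag`, `b64_tag`) are this example's own labels, and the report says nothing about what the decoded Base64 suffix means.

```python
"""Hash-based IOC check for the sample in this report.

Added example, not part of the sandbox report. Compares MD5/SHA-1/SHA-256/
SHA-512 of a file against the report's values and pulls apart the filename.
"""
import base64
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# IOCs copied from the report above.
REPORT_IOCS = {
    "md5": "d2c72208f8783ec83b123324e8093cc1",
    "sha1": "4afbc9f19f8a194bccd5216e05083e0d7617fff0",
    "sha256": "52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26",
    "sha512": "03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f9085"
              "7a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a",
}
REPORT_FILENAME = ("BlueStacks10Installer_10.41.210.1001_native_"
                   "c60745bef2840a6297522126c047af08_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe")


def hash_bytes(data: bytes) -> dict:
    """Return the four hashes the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm comparison. A SHA-256 or SHA-512 match is conclusive;
    an MD5- or SHA-1-only match is reported but is weak evidence, since
    collisions for both are practical."""
    matched = {name: hashes.get(name) == value for name, value in iocs.items()}
    matched["conclusive"] = matched["sha256"] or matched["sha512"]
    return matched


def parse_installer_name(name: str) -> dict:
    """Split the report's filename on underscores (field labels are assumptions).

    The last field is Base64 and decodes to printable ASCII; the report does
    not say what it encodes, so it is only surfaced here.
    """
    stem = name[:-4] if name.lower().endswith(".exe") else name
    product, version, variant, hex_tag, b64_tag = stem.split("_", 4)
    return {
        "product": product, "version": version, "variant": variant,
        "hex_tag": hex_tag, "b64_tag": b64_tag,
        "b64_decoded": base64.b64decode(b64_tag).decode("ascii", errors="replace"),
    }


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        result = match_iocs(hash_file(Path(arg)))
        print(arg, "MATCH" if result["conclusive"] else "no match", result)
```

Run it as `python check.py <file>`; treat only the SHA-256/SHA-512 result as a verdict, and remember that a rebuilt or re-packed copy of the same campaign will not hash-match at all, which is what the SSDEEP value in the report is for.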

Targets

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers commonly read the browser's on-disk profile, which holds saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run or stay dormant depending on the victim's locale).
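
The six signatures above are what a sandbox reports; on a managed host you would want the same behaviours surfaced from endpoint telemetry. The following is an added example, not part of the report and not the sandbox's own detection logic, that maps each signature to a rule over Sysmon-style records (process create, registry value set, file stream hash) plus two assumed EDR record types, `RegQueryValue` and `FileRead`, because Sysmon does not log registry or file reads. The events it runs over are constructed for the example; the registry paths and commands are real Windows locations, and the ATT&CK technique IDs are the Enterprise techniques these behaviours map to.

```python
"""Host-side rules for the sandbox signatures in this report.

Added example; the telemetry below is constructed, not taken from the report.
"""
import re
from collections import defaultdict

# Real Windows locations/commands behind each signature (regexes are this example's own).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
FIREWALL_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\s+advfirewall\b", re.I)
SERVICE_STOP_CMD = re.compile(r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop|stop-service)\b", re.I)
BROWSER_STORE = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
PE_WITH_MOTW = re.compile(r"\.(exe|dll|scr)(:Zone\.Identifier)?$", re.I)
BROWSERS = ("chrome.exe", "msedge.exe", "firefox.exe", "brave.exe")


def stops_service(e):
    return e["Type"] == "ProcessCreate" and bool(SERVICE_STOP_CMD.search(e.get("CommandLine", "")))


def reads_browser_data(e):
    # Assumed EDR FileRead record. A browser reading its own store is normal,
    # so the reading image is excluded; anything else touching it is suspect.
    return (e["Type"] == "FileRead"
            and bool(BROWSER_STORE.search(e.get("TargetFilename", "")))
            and not e.get("Image", "").lower().endswith(BROWSERS))


def adds_run_key(e):
    return e["Type"] == "RegistryValueSet" and bool(RUN_KEY.search(e.get("TargetObject", "")))


def downloads_pe(e):
    # Sysmon event 15 records the Zone.Identifier stream written to a downloaded
    # file; ZoneId=3 is the Internet zone (Mark-of-the-Web). PE extension + MOTW
    # approximates "downloaded MZ/PE" without reading the file header.
    return (e["Type"] == "FileCreateStreamHash"
            and bool(PE_WITH_MOTW.search(e.get("TargetFilename", "")))
            and "ZoneId=3" in e.get("Contents", ""))


def modifies_firewall(e):
    if e["Type"] == "ProcessCreate":
        return bool(FIREWALL_CMD.search(e.get("CommandLine", "")))
    return e["Type"] == "RegistryValueSet" and bool(FIREWALL_POLICY.search(e.get("TargetObject", "")))


def checks_location(e):
    # Assumed EDR RegQueryValue record; Sysmon never sees registry reads.
    return e["Type"] == "RegQueryValue" and bool(GEO_NATION.search(e.get("TargetObject", "")))


RULES = [  # (signature text from the report, ATT&CK technique, predicate)
    ("Stops running service(s)", "T1489", stops_service),
    ("Reads user/profile data of web browsers", "T1555.003", reads_browser_data),
    ("Adds Run key to start application", "T1547.001", adds_run_key),
    ("Downloads MZ/PE file", "T1105", downloads_pe),
    ("Modifies Windows Firewall", "T1562.004", modifies_firewall),
    ("Checks computer location settings", "T1614", checks_location),
]


def evaluate(events):
    """Return {signature: (technique, [indexes of matching events])} for rules that fired."""
    hits = defaultdict(list)
    for i, e in enumerate(events):
        for name, _tid, pred in RULES:
            if pred(e):
                hits[name].append(i)
    return {name: (tid, hits[name]) for name, tid, _ in RULES if hits[name]}


# Constructed telemetry: one record per behaviour above, then two benign records.
SAMPLE_EVENTS = [
    {"Type": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\Users\u\AppData\Roaming\svc.exe"'},
    {"Type": "ProcessCreate", "Image": r"C:\Windows\System32\net.exe", "CommandLine": "net stop wuauserv"},
    {"Type": "RegistryValueSet", "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"Type": "FileCreateStreamHash", "TargetFilename": r"C:\Users\u\AppData\Local\Temp\stage2.exe:Zone.Identifier",
     "Contents": "[ZoneTransfer] ZoneId=3"},
    {"Type": "RegQueryValue", "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"Type": "FileRead", "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"Type": "FileRead", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"Type": "RegistryValueSet", "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for name, (tid, idx) in evaluate(SAMPLE_EVENTS).items():
        print(f"{tid:10} {name}: events {idx}")
```

None of these rules is conclusive on its own (administrators run `netsh advfirewall` and `net stop` too); the value is in the combination, which is why the sandbox reports them together for one target. The two read-based rules are the ones most likely to be missing from a Sysmon-only deployment.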
