Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://www.bluestac...

windows10-1703-x64

8

Resubmissions

15/06/2024, 19:46

240615-yhfc9ssfpd 8

15/06/2024, 19:45

240615-ygc7hssfna 1

15/06/2024, 19:34

240615-yah47awfnn 1

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://www.bluestacks.com/bluestacks-5.html?utm_source=Google&utm_medium=CPC&utm_campaign=aw-ded-tier1-eng-bluestacks5-industry&utm_source=google&utm_campaign=12328978978&utm_medium=ad&utm_content=523252340576&utm_term=android%20emulator%20pc&gad_source=1&gclid=Cj0KCQjw97SzBhDaARIsAFHXUWDOKGW_cOlZ_XZq9fzI4hMm-b16naSqCAuMiM0u0c15opZ2YQB6f-QaAq_hEALw_wcB

  • Sample

    240615-yhfc9ssfpd

Score
8/10
discoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      https://www.bluestacks.com/bluestacks-5.html?utm_source=Google&utm_medium=CPC&utm_campaign=aw-ded-tier1-eng-bluestacks5-industry&utm_source=google&utm_campaign=12328978978&utm_medium=ad&utm_content=523252340576&utm_term=android%20emulator%20pc&gad_source=1&gclid=Cj0KCQjw97SzBhDaARIsAFHXUWDOKGW_cOlZ_XZq9fzI4hMm-b16naSqCAuMiM0u0c15opZ2YQB6f-QaAq_hEALw_wcB

    Score
    8/10
    discoveryevasionexecutionpersistence

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks