Resubmissions

  • 09-07-2024 17:41  240709-v9f74awcpm  7

  • 09-07-2024 17:40  240709-v816waxfrf  5

  • 09-07-2024 17:26  240709-v1ctbavgpm  8

General

  • Target

    BlueStacks10Installer_10.41.218.1001_native_c75d25f7ed2ec41cea2157098d2f8da2_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

  • Size

    911KB

  • Sample

    240709-v1ctbavgpm

  • MD5

    05cd50890a8efa95d686384d2d96c530

  • SHA1

    ad496d950142315aa8662edb002549e84d3de424

  • SHA256

    6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea

  • SHA512

    6dc050e3c6577299ba4bcc306d1866ddea3eb2499f75f1de96e435d03f03b0ccf4021602be0eb6c816d7a0e81ce29590de247a084d67e88a64fa6ced4043bcf3

  • SSDEEP

    24576:bivtCXWeGKM8WolR74uEFQWa3GZllJCGt3:+tCXWPIWofUuCQWa25JN3

Targets

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
