Overview

overview

7

Static

static

1

BlueStacks...zE.exe

windows7-x64

4

BlueStacks...zE.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE1LA==_QnVzaW5lc3MgRW1waXJlOiBSaWNoTWFu.exe

  • Size

    912KB

  • Sample

    240807-cjq1ha1gjh

  • MD5

    1e04e52e6350fccae205836ceb331f38

  • SHA1

    15cb90096c3e0fbacb2ff1cab022bb385ea59eef

  • SHA256

    d5f4a1ee1638cc486dfdbf69f83e3459b37f26f5bdb046bd6b090147dec0d873

  • SHA512

    a49b47684be14d467dbbe65f2f7ff7ba93ee0af6d302050c186cad786dfdabbd39e97c11565e065b2463fa58cd430b695244cc2d05ff2e4e891a888423875cd2

  • SSDEEP

    12288:WivtCXQd0gjKX7zuqGKY5Ha3z1cNoaMt7bi7xgjL4kKaCHZMptFiquFhIK75cZm:WivtCXWeGKY8f7bi7qLERHSPuFqecZm

Score
7/10
discoveryevasionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      BlueStacks10Installer_10.41.501.1001_native_7f08208f3f1d0145b5d9f9ad3fb65883_MzsxNSwwOzUsMTsxNSw0OzE1LA==_QnVzaW5lc3MgRW1waXJlOiBSaWNoTWFu.exe

    • Size

      912KB

    • MD5

      1e04e52e6350fccae205836ceb331f38

    • SHA1

      15cb90096c3e0fbacb2ff1cab022bb385ea59eef

    • SHA256

      d5f4a1ee1638cc486dfdbf69f83e3459b37f26f5bdb046bd6b090147dec0d873

    • SHA512

      a49b47684be14d467dbbe65f2f7ff7ba93ee0af6d302050c186cad786dfdabbd39e97c11565e065b2463fa58cd430b695244cc2d05ff2e4e891a888423875cd2

    • SSDEEP

      12288:WivtCXQd0gjKX7zuqGKY5Ha3z1cNoaMt7bi7xgjL4kKaCHZMptFiquFhIK75cZm:WivtCXWeGKY8f7bi7qLERHSPuFqecZm

    Score
    7/10
    discoveryevasionpersistenceprivilege_escalationspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks