General

  • Target

    RobloxSYN.exe.bin

  • Size

    14.7MB

  • Sample

    211013-cx45aadcek

  • MD5

    bcdcfae9a899b140f7687b95eaaf7122

  • SHA1

    12388fdb26324c23cfa970345cf7ce7182432865

  • SHA256

    bd88392632a744b882a1aef098c863cf01d429641d6a79509923498ebd93aab4

  • SHA512

    8c917e9cd5e25ad580a74958f6b8ec9847e5bd0467344378c860778b10ff0b2f23a387eec1205aadb0590db1bf52f85bc78094cd505658d68d4c7fb39cd82f69

Malware Config

Targets

    • Target

      RobloxSYN.exe.bin

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                             ID      Count
Persistence        Registry Run Keys / Startup Folder    T1060   1
Defense Evasion    Modify Registry                       T1112   1
Discovery          System Information Discovery          T1082   1

Tasks