Overview

overview

8

Static

static

RobloxPlay...er.exe

windows10-1703-x64

8

RobloxPlay...er.exe

windows7-x64

8

RobloxPlay...er.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.0MB

  • Sample

    230105-gmylzaba73

  • MD5

    f32bb6903914676015a4f04984f89d27

  • SHA1

    ac93c563004cf4bbf37b87dbe2a7e66498a31c6b

  • SHA256

    cdce1f54a3f33df698fc808e607d9b854cbcf2d56e6233e90656a5d2b2bd1227

  • SHA512

    fc3d0533421e3400d950a78d89c5e7407f6d659f5584e0c2196b458328f24f0baa94f0314a0e2b3845d38c9b9073e36425eb51219bf595377db1183db59f9610

  • SSDEEP

    49152:9zHyGk2X3zco2slPOiTXba8g2sITTG1MAPMQ3d2oTT6b6kIq:VyG1X3MslPh7bL

Score
8/10
discoveryevasionspywarestealertrojan

Malware Config

Targets

    • Target

      RobloxPlayerLauncher.exe

    • Size

      2.0MB

    • MD5

      f32bb6903914676015a4f04984f89d27

    • SHA1

      ac93c563004cf4bbf37b87dbe2a7e66498a31c6b

    • SHA256

      cdce1f54a3f33df698fc808e607d9b854cbcf2d56e6233e90656a5d2b2bd1227

    • SHA512

      fc3d0533421e3400d950a78d89c5e7407f6d659f5584e0c2196b458328f24f0baa94f0314a0e2b3845d38c9b9073e36425eb51219bf595377db1183db59f9610

    • SSDEEP

      49152:9zHyGk2X3zco2slPOiTXba8g2sITTG1MAPMQ3d2oTT6b6kIq:VyG1X3MslPh7bL

    Score
    8/10
    discoveryevasionspywarestealertrojan

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v6

Tasks