General
Target: RobloxPlayerLauncher.exe
Size: 1.4MB
Sample: 230312-vnx9gsgf4w
MD5: 57112c13c86348c1d78c82f25fc64533
SHA1: f6e26c12087badd318c00d4b511b04d0fc79bc57
SHA256: df7205a99dcab93956834d0b2bd86e87a61d83f7b50ede1203c4a5b74836e2bb
SHA512: d9cf7534650648fd88ffdef379ee92f1c7c0cd37e2a14c85ac0fe33a333635252dfef690b774191835f0064963c133765410a00d636b4f5ecf4f35afb5ddb516
SSDEEP: 24576:dd9mOVYESaJ8QvFnUZ2TbIwhuREVxcJjj6PbKV4leToAyGCLlxtbK3r0TsPE8CGG:dBVYESa7ybJH604lnAyGCLlxtbK3r0T9
Static task
static1
Malware Config
Targets
-
-
Target
RobloxPlayerLauncher.exe
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2