fd2ff83049de09f54fbe49d72d1bcd0eb0c66b90c02874336c97075622ad5662 | Triage

Sharing

General

Target

Roblox_Cheat_FR.exe
Size

18.8MB
Sample

230331-22sdqafe7x
MD5

fe21005d7719639712fd6fbb40d01211
SHA1

18ec5cf41567d15e96d3494debd02dfb86fcb750
SHA256

fd2ff83049de09f54fbe49d72d1bcd0eb0c66b90c02874336c97075622ad5662
SHA512

d729284691fea7476eb60ab9f11e8155e01118250ebfcd7a020b64ba687092465e35a4421f7b8b0ae136caef73f58fe6e42aa96fe39f611595a514aab5dd9e42
SSDEEP

393216:ptu7L/quanSyY+k4tO2dQuslN/m3pDl9AJ4ZoWOv+9fPV4aeLq8PS3kM5u:XCLS/Y4tndQu4KRS4ZorvS3wLq8K3kMY

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Roblox_Cheat_FR.exe
- Size
  
  18.8MB
- MD5
  
  fe21005d7719639712fd6fbb40d01211
- SHA1
  
  18ec5cf41567d15e96d3494debd02dfb86fcb750
- SHA256
  
  fd2ff83049de09f54fbe49d72d1bcd0eb0c66b90c02874336c97075622ad5662
- SHA512
  
  d729284691fea7476eb60ab9f11e8155e01118250ebfcd7a020b64ba687092465e35a4421f7b8b0ae136caef73f58fe6e42aa96fe39f611595a514aab5dd9e42
- SSDEEP
  
  393216:ptu7L/quanSyY+k4tO2dQuslN/m3pDl9AJ4ZoWOv+9fPV4aeLq8PS3kM5u:XCLS/Y4tndQu4KRS4ZorvS3wLq8K3kMY
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2