General
-
Target
RobloxStudioLauncherBeta.exe
-
Size
2.0MB
-
Sample
230403-qtkhcsgf7z
-
MD5
0a5ea9b476f62da3cc0792f86ee653ac
-
SHA1
2a1e2ee0db395e7daff3bc854c70e96ad3303f03
-
SHA256
5e99b0e9c1ae1d548af407dce9694afc6462e3e1932cf8df58769b500893e003
-
SHA512
ebc1337339135a667d53fdd4387633b24530fb7d0f1f64d1114abacf7d7250a2d295e523617f43dfd8b65c503fdf27c1e3f064ac1d6666e67e563d0d7af93397
-
SSDEEP
49152:TKz8Gv5807LsmdtJyTS7aTbj7GTSAMtPMQ3dSBzTUbhh/212:TYFm07Lsmdtz+bhh/2Q
Static task
static1
Malware Config
Targets
-
Target
RobloxStudioLauncherBeta.exe
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-