General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.0MB

  • Sample

    230412-v4fpdadg89

  • MD5

    db6c5ba8ebfac25ef90a93f576a1828a

  • SHA1

    d5423517d97f40f9f53ae7eea08507c1a8d1574a

  • SHA256

    45d46345af6910f24d308c0240abbbb2c18d912aa82e323606de9ce215c7d8bb

  • SHA512

    c3adf173cd183ca8e687aca1e3d21ed6d306dc47cfc0a1173d6a6212314754bd11b3030d0b16ae0dd1f312f140ef8ebf5e4fa5bfa1dd42365197d9656beea13a

  • SSDEEP

    49152:dFSDltZFia18KhM/04OSFTUeaho3mfTjFMwPMQ3dSWzTrb6O:wqa1RhM/04OXTbb

Targets

    • Target

      RobloxPlayerLauncher.exe

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
