General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.0MB

  • Sample

    230419-th57gabf99

  • MD5

    71044866abd760632917f89ac39451ac

  • SHA1

    feb7b02f1e7a3206698f8d3f2e554f0419a8f686

  • SHA256

    460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

  • SHA512

    98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

  • SSDEEP

    49152:EcYgTmNVji4o14YTkaac6ECCTnlMQPMQ3dS+LTLb6VYhZ9:ENgSNVjZo1+4b/

Malware Config

Targets

    • Target

      RobloxPlayerLauncher.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)
