Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    RobloxStudioLauncherBeta.exe

  • Size

    1.7MB

  • Sample

    230426-tddxescc2t

  • MD5

    698169cf49a94cf00a75660e1c0d1abc

  • SHA1

    f5051f2e689ddd8efecbb90aa06f7552bf6ff6df

  • SHA256

    93504a937540d9885d55e70bdda7d6d4fa6f0ee74492fa425c8d4b21b4d303c6

  • SHA512

    bfdfcb28212ef7dd8484edff4146084bc3e47d1ad9a5f8525f1a877b62bf53ad5792bd1555ce0fb2d5c9b52845dabce122536cbde57c799fd3207d06ae1a266d

  • SSDEEP

    49152:+K2LsGZj5jgWb7851B6pPdAsfTFaWRWgaeTJiM9PMQudAe6TYzH2:H2LsGvb785c

Malware Config

Targets

    • Target

      RobloxStudioLauncherBeta.exe

    • Size

      1.7MB

    • MD5

      698169cf49a94cf00a75660e1c0d1abc

    • SHA1

      f5051f2e689ddd8efecbb90aa06f7552bf6ff6df

    • SHA256

      93504a937540d9885d55e70bdda7d6d4fa6f0ee74492fa425c8d4b21b4d303c6

    • SHA512

      bfdfcb28212ef7dd8484edff4146084bc3e47d1ad9a5f8525f1a877b62bf53ad5792bd1555ce0fb2d5c9b52845dabce122536cbde57c799fd3207d06ae1a266d

    • SSDEEP

      49152:+K2LsGZj5jgWb7851B6pPdAsfTFaWRWgaeTJiM9PMQudAe6TYzH2:H2LsGvb785c

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks