General

  • Target

    RobloxStudioLauncherBeta.exe

  • Size

    2.0MB

  • Sample

    230512-t9pc2adh23

  • MD5

    95b5b81915323f8b91ad2cf6161c71f0

  • SHA1

    424e60bd550fc3736fcdc7e19ea3b49dfaa261ac

  • SHA256

    a114e6f865e407b6296ac00acd3b1e1e79953f589078eb6acdebdf1b763543e2

  • SHA512

    2a3e60c77d18717d418f67d47063aadab35a65ad75d9bc8852830a1f36f499bea3e27bb0701bd61517b24a2d9d21e97aae28ed552869af51545cb865d6a76479

  • SSDEEP

    49152:Q6/PEYkMoeZZi2bzTxXaZXXMdTvPMnPMQ3dSjXTFbhh/7TIyF:Q6/sYkReZZiSZbhh//z

Malware Config

Targets

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks