a114e6f865e407b6296ac00acd3b1e1e79953f589078eb6acdebdf1b763543e2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

RobloxStud...ta.exe

windows10-2004-x64

8

Sharing

General

Target

RobloxStudioLauncherBeta.exe
Size

2.0MB
Sample

230512-t9pc2adh23
MD5

95b5b81915323f8b91ad2cf6161c71f0
SHA1

424e60bd550fc3736fcdc7e19ea3b49dfaa261ac
SHA256

a114e6f865e407b6296ac00acd3b1e1e79953f589078eb6acdebdf1b763543e2
SHA512

2a3e60c77d18717d418f67d47063aadab35a65ad75d9bc8852830a1f36f499bea3e27bb0701bd61517b24a2d9d21e97aae28ed552869af51545cb865d6a76479
SSDEEP

49152:Q6/PEYkMoeZZi2bzTxXaZXXMdTvPMnPMQ3dSjXTFbhh/7TIyF:Q6/sYkReZZiSZbhh//z

Score

8^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxStudioLauncherBeta.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  RobloxStudioLauncherBeta.exe
- Size
  
  2.0MB
- MD5
  
  95b5b81915323f8b91ad2cf6161c71f0
- SHA1
  
  424e60bd550fc3736fcdc7e19ea3b49dfaa261ac
- SHA256
  
  a114e6f865e407b6296ac00acd3b1e1e79953f589078eb6acdebdf1b763543e2
- SHA512
  
  2a3e60c77d18717d418f67d47063aadab35a65ad75d9bc8852830a1f36f499bea3e27bb0701bd61517b24a2d9d21e97aae28ed552869af51545cb865d6a76479
- SSDEEP
  
  49152:Q6/PEYkMoeZZi2bzTxXaZXXMdTvPMnPMQ3dSjXTFbhh/7TIyF:Q6/sYkReZZiSZbhh//z
Score

8^/10

discovery evasion persistence spyware stealer trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy