Overview

overview

10

Static

static

3

Roblox Gam...er.exe

windows7-x64

1

Roblox Gam...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Roblox Game Manager.exe

  • Size

    1.2MB

  • Sample

    230530-kyawtsgh8z

  • MD5

    0c5490df9bc38516e0caf3671cfe53b3

  • SHA1

    6ed899171d1d5e3badea986eff1d8fbe39191511

  • SHA256

    368f78866f6d64f9f03a7caf900fad3e21a7d2c84dbe34d6ae1dc5f8264e4077

  • SHA512

    6e46bea29c4586730b8265d59d1e86aa963bedafc5f92dc42564d61a0d3fb0da7ab1cdaaf6d40a5ed2bdb976f4164da9e83054ffe6b499f10bf2c5b79d2394b9

  • SSDEEP

    24576:U2hXPc/uRkQW40y/v7ySTtA17c09ngjl8ShwTwtZiNpoRNm9VMgP4Tue61bi:bcbh3AqNxShwT1xTi

Score
10/10
dcratinfostealerpersistencerat

Malware Config

Targets

    • Target

      Roblox Game Manager.exe

    • Size

      1.2MB

    • MD5

      0c5490df9bc38516e0caf3671cfe53b3

    • SHA1

      6ed899171d1d5e3badea986eff1d8fbe39191511

    • SHA256

      368f78866f6d64f9f03a7caf900fad3e21a7d2c84dbe34d6ae1dc5f8264e4077

    • SHA512

      6e46bea29c4586730b8265d59d1e86aa963bedafc5f92dc42564d61a0d3fb0da7ab1cdaaf6d40a5ed2bdb976f4164da9e83054ffe6b499f10bf2c5b79d2394b9

    • SSDEEP

      24576:U2hXPc/uRkQW40y/v7ySTtA17c09ngjl8ShwTwtZiNpoRNm9VMgP4Tue61bi:bcbh3AqNxShwT1xTi

    Score
    10/10
    dcratinfostealerpersistencerat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks