General
-
Target
Robux_Generator.exe
-
Size
21.4MB
-
Sample
230609-x3cx7sdb34
-
MD5
118a8837aa2b77b08cc2006b0aeda73a
-
SHA1
82b2f9905e7fb1050997e70232aa5b0b5050549a
-
SHA256
0758eaf14b096b5c1204deab699870656e07a9bd81b7da92786eb44562417c53
-
SHA512
30ef17faaabf5c501de40bdad688750b2036d816de73ba45a7aab164e882f00e3513139c8e33f1a21076adad76ce53b1f9014aa248d3c1661c2f19191290751c
-
SSDEEP
393216:4xAlnfLFinVPm2QaFqyYgsSVXG0J3F1hkHzo8Y0D:9ljFinVPm2QR9SMou
Malware Config
Targets
-
-
Target
Robux_Generator.exe
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-