e1752d7e4eafc3170c97548b6d2b6f7362db91e490e6076eae76a303582b452c | Triage

Sharing

General

Target

RobloxPlayerLauncher.exe
Size

4.7MB
Sample

230820-3gegssbe9z
MD5

baf5fc6994390a5a976a9b45ea66344c
SHA1

049b15db83a964d3ee531ec21b9dfe722139cc15
SHA256

e1752d7e4eafc3170c97548b6d2b6f7362db91e490e6076eae76a303582b452c
SHA512

441b03e3fca9518a891fd81c830b9977c2f0e66a07f8df1cf99fa25eafa8cf745b4a856037647c00c7cbfc7744a60bd771b072adbda9ca9f3e3f731e282bfc38
SSDEEP

98304:a1vrWGgrZEVTg+kyndadshxgmnR78hJlOVKF71bQE:4iGgrp+k2zgOGkKJ17

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  RobloxPlayerLauncher.exe
- Size
  
  4.7MB
- MD5
  
  baf5fc6994390a5a976a9b45ea66344c
- SHA1
  
  049b15db83a964d3ee531ec21b9dfe722139cc15
- SHA256
  
  e1752d7e4eafc3170c97548b6d2b6f7362db91e490e6076eae76a303582b452c
- SHA512
  
  441b03e3fca9518a891fd81c830b9977c2f0e66a07f8df1cf99fa25eafa8cf745b4a856037647c00c7cbfc7744a60bd771b072adbda9ca9f3e3f731e282bfc38
- SSDEEP
  
  98304:a1vrWGgrZEVTg+kyndadshxgmnR78hJlOVKF71bQE:4iGgrp+k2zgOGkKJ17
Score

8^/10

persistence spyware stealer
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer