5f5756ddb66734d0d7f206d95a6722d20654ed406d33c646c85bddd3cbb2e999 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

RobloxPlay...er.exe

windows7-x64

8

RobloxPlay...er.exe

windows10-2004-x64

6

Sharing

General

Target

RobloxPlayerInstaller.exe
Size

4.5MB
Sample

231004-y2143sgg65
MD5

cda089edd734fab7391ac1a5f3f2435f
SHA1

c32aa3d7a348fae7c9cc483f3bac11353844d226
SHA256

5f5756ddb66734d0d7f206d95a6722d20654ed406d33c646c85bddd3cbb2e999
SHA512

4f0c45a1965ccf4dfe21d1bd7d57f746a460b49b1549b788080e5cf2e3b433051cc327a1ccf9ea3ea3c821653d00dc8253435ebe3bca2ad48bf144dba1d306c6
SSDEEP

98304:1kv2meX/z0dCX5RdBzsg+nngISXsMrMwejH39WUbVt:KSP/X5JYgI+183QUpt

Score

8^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win7-20230831-en

discovery evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

RobloxPlayerInstaller.exe

Resource

win10v2004-20230915-en

discovery evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  4.5MB
- MD5
  
  cda089edd734fab7391ac1a5f3f2435f
- SHA1
  
  c32aa3d7a348fae7c9cc483f3bac11353844d226
- SHA256
  
  5f5756ddb66734d0d7f206d95a6722d20654ed406d33c646c85bddd3cbb2e999
- SHA512
  
  4f0c45a1965ccf4dfe21d1bd7d57f746a460b49b1549b788080e5cf2e3b433051cc327a1ccf9ea3ea3c821653d00dc8253435ebe3bca2ad48bf144dba1d306c6
- SSDEEP
  
  98304:1kv2meX/z0dCX5RdBzsg+nngISXsMrMwejH39WUbVt:KSP/X5JYgI+183QUpt
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasiontrojan

© 2018-2024

Terms | Privacy