eb3a0dde867994262fd22df0f5011cda8f7152a43da08b9a52c25d7f24bc24c2

Sharing

Copy URL

Twitter E-mail

General

Target

exe.win-amd64-3.11.zip
Size

83.6MB
Sample

231011-f418raea22
MD5

2027b0b5e590940e372421fa08adb8eb
SHA1

f2d521c1e0c28031bda344c3928e7c0472d86d9f
SHA256

eb3a0dde867994262fd22df0f5011cda8f7152a43da08b9a52c25d7f24bc24c2
SHA512

c69f02fa471f5263bc7cd182adff6790dcbfa1114d1287a503da33e08d11f16a383d5f8119cbc59f61db8614a9290826c7cc9241b01928a4c249a9c3d103df02
SSDEEP

1572864:vd+LooKiZUJglnNNMWAtToOQpknezhmd1SuT9KIkyTlK8R2UWEdOhj+VVrP5m3:fwWgditcBp2ezgd0uhKIZHRGEdOhj+Vm

Score

6^/10

Malware Config

Targets

- Target
  
  exe.win-amd64-3.11/Roblox.exe
- Size
  
  16KB
- MD5
  
  936ce978fff0afa81a54a17dc25febf1
- SHA1
  
  c0683a8c1bba6dbd9663dc253c3bd07457fe8c46
- SHA256
  
  b877350a9ecec78915e644ae800dd65a805f58e0cdb21ce33e822258000584b9
- SHA512
  
  0a88e5c871da79b2f665d45d9bba8276a99773fb39316c401992928e81e79cb6cf6a8079b0313acbc3684f52f5cb337648e243183588bf599b45b6e5c2cfed2a
- SSDEEP
  
  192:FUfcKr+kAUtQYkNwEBWevhvzCoLHt8WQKgr81eThEqcNG6cO5tfwp:FookAhYkNqMhWkKRT+d3c/
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/AES.pyc
- Size
  
  8KB
- MD5
  
  feacb7a61455be14be008e1074f849e9
- SHA1
  
  8ce9c63b8410a53a459e0388cc482f8b985e2342
- SHA256
  
  47dab4326f983b329e3bb7b91f6284c9644ca0d3e3c4d11ce59c4514bb2c32f7
- SHA512
  
  2c57a7445fcae606007958158c77fe084c5ad0feab027427057e2b7da39d26d305c86d934963dedd7decda4fe4ddfe4bcb9fa712515c9d3f749f291647b7b354
- SSDEEP
  
  192:8e65nM89EXW/NjsHXk/y+ItPdZ9QjLslFdgggy/o:8/9BVhGtPFQjLslFTo
Score

3^/10
behavioral3 behavioral4
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_ARC4.pyd
- Size
  
  11KB
- MD5
  
  daa609194278761a836e3b6dabb89a45
- SHA1
  
  af999796f133c94d4e9c64316b94298b23dd42f7
- SHA256
  
  39e6383b43b87638337839279c59b9d31c5413988873bfcb59db44c6662854d9
- SHA512
  
  3ecc6a43531289de3a4f3764ec3c15a120470d177e8d2e73ee7bdb89ab53025751b0eae6b6e3203c8a6b941f79a8abcd6871544c7b29a053536e70adbb85e742
- SSDEEP
  
  96:Xk9VD9daQ2iTrqT+y/ThvQ0I1uLfcC75JiC4Rs89EcYyGDTM0OcX6gY/7ECFV:i9damqT3ThITst0E5DTKcqgY/79X
Score

1^/10
behavioral5 behavioral6
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_EKSBlowfish.pyc
- Size
  
  4KB
- MD5
  
  eab19632c1294661f206bc3e7a104cb6
- SHA1
  
  c6180dffa428d85a7c24222ae9707e9819c13f02
- SHA256
  
  89ddb904aff6cbdf4bae4cd1515dc63a5b80f50acbc933038e8c669220d5292c
- SHA512
  
  062004eb873e42bc5934fe2a64421f1f978988796c681e8d13329ed3e422d45ac3d134a3184c21c747db929cefe89b5034db632e895d64281d0d93b562f8b1e6
- SSDEEP
  
  96:HawpXvaWWWa+aj9iivDDMq+BNp91+7moVH4ySS:HaHtjV3kN/1+7mQz
Score

3^/10
behavioral7 behavioral8
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_Salsa20.pyd
- Size
  
  13KB
- MD5
  
  b625901b579272698580a7872c55d7d5
- SHA1
  
  dbe00e27164072acbee55fd8207861fb00cc618b
- SHA256
  
  e35223a351faa644929b8a610dbda5d3cf21bc6b0625e5607927db92c3488f94
- SHA512
  
  0631f5d094279086c47d2e1a1d4d8d30e87dbb8ee2ee70b2fd7277b93d89877a797bf73868f84aa88409ba3bd448089a9d339f91dd90d4bfb8a7b4a2d8736cfa
- SSDEEP
  
  192:eF/1nb2eqCQtkluknuz4ceS4QDuRA7cqgYvEP:U2P6luLtn4QDmmgYvEP
Score

1^/10
behavioral10 behavioral9
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/__init__.pyc
- Size
  
  2KB
- MD5
  
  0fb4bc07a8676b6072f684db0c60586f
- SHA1
  
  b2e3511567a16cea31600bc3aa3d785eec64bf5d
- SHA256
  
  f05e71f99d3e5dac0e1e7919098ffd4fd1eacc0fda447c6a12d43be0be3ead63
- SHA512
  
  5944cb59e8608c9f2d417f7be71883b52bf75eb21fdda19fc0c6b832deb58201ff4f443abac1aa5bc78c85cfc655b63610ab44f3bf76d86a5ef0f5a507205ca6
Score

3^/10
behavioral11 behavioral12
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_chacha20.pyd
- Size
  
  13KB
- MD5
  
  dd8f0ffcccc1af2040ad600092e98255
- SHA1
  
  7a923e497ec29b6a0390470c74f7068e26b562dc
- SHA256
  
  29a76aae9e8ec46a5da154f27f3d84d933e64e1b4c375133e8efeb4a6e4c619b
- SHA512
  
  a85fed40642532f42c6acf53dafa4d704d7ee043e5e2d826d8ca3a763338cefcf39e8c2fc5c2f17ce8cfff1cec3657ebe9423382326865aa96cd438d02cd7319
- SSDEEP
  
  192:fXF/1nb2eqCQtkXnFYIrWjz0YgWDbu5ao0vdvZt49lkVcqgYvEMN:v2P6XTr0zXgWDbuH0vdvZt49MgYvEMN
Score

1^/10
behavioral13 behavioral14
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cbc.pyc
- Size
  
  10KB
- MD5
  
  5814cde49c3d2a5a34343bc992ac7b0b
- SHA1
  
  df2a3cd8142bcb1b14b6b3b57acfc9551ba0b4f7
- SHA256
  
  5dd01cc9fcdc4e631fb9242e95dd2f9f4bcf467e511dab5549eb068e00c475ab
- SHA512
  
  b5cd92fca03ac79275b91c050dd79667dbec3b6f00a7bc28dfc072c5bb557d00c8375f5f1a4d8e53d24737a0ca176400da50337ab6f28ca6b1f85bd3a4004b78
- SSDEEP
  
  96:m226kvJbQ9XIgEggPI4nx3ZJpSSNCWiHgVt834mGvWcsQAn9rdLt83425pKIn+1g:m3bJsgPI4x3ZMWdU4c7U4QnKej+gpp
Score

3^/10
behavioral15 behavioral16
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ccm.pyc
- Size
  
  25KB
- MD5
  
  ccbad7d94822d1a742c64defd39bab01
- SHA1
  
  694fad588d955eabe08c41f630d7c4551b0618d3
- SHA256
  
  113e3baeb76127624daa562fecbb39f08e083b67fafd46e729b56b20849d1f24
- SHA512
  
  515e4b4e63e7c284c8e37e9919d11dd435e79ca4069f683c1c47c69798e7212a11a1f680cec7d09f1423bca9bf153283f395827d2bbc27fb399ba1a85d11da69
- SSDEEP
  
  384:Tq/qgU1Xl1wB3ziI4SiI4QuogPD8jLmv4SeWPj7KzPc4eqEu:T5/wJDEI4VPWmvxeG7KYW
Score

3^/10
behavioral17 behavioral18
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cfb.pyc
- Size
  
  10KB
- MD5
  
  42c117d583146e0e7bf236616bf69a29
- SHA1
  
  b35d32cc33586d4e473c55d37c6abacfbfebda1f
- SHA256
  
  1e79692da8b0ea34acd22340e768d300172d95762832dc1b201d9bc1f79b3abb
- SHA512
  
  e62576a168bcdcb65014406be1cd883b4059e837662ad944ce577b1dc38bed330b2fd3ee7d0386a001e4fdecee335ec511b2acd8f6c471ac946761f81d5c07c9
- SSDEEP
  
  192:Nw3jDCxEZzorrU4B/NU4DfZZkZZZZqjbPpw:grZzoXTBFTDnjtw
Score

3^/10
behavioral19 behavioral20
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ctr.pyc
- Size
  
  15KB
- MD5
  
  00884f39ecf2d859e86665c36cd40a54
- SHA1
  
  6300e6049399c23d2529e0f3ab1fd237720574c0
- SHA256
  
  27be87fbc5bee6ce4a89b15d36b8a94ae045d6c3448c68b50304b28704afadc8
- SHA512
  
  a543895082d083b858b8a1b08c47fd407892f54f9d275c3eacdb418eaa40e7fa9b63f48cdfad003786a016cca5117993ae49cb481e5d6c48edc6c997519d720e
- SSDEEP
  
  192:mtGDPkH7KxiM16TsyXiFfU4PkdU4fYrLEj4SkIkjaXfAhS1LbM:mwb0SDe2fTPkdTfYrLPSkI+aX31M
Score

3^/10
behavioral21 behavioral22
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_eax.pyc
- Size
  
  15KB
- MD5
  
  b0e569f806d6caf34ce929ffec627dac
- SHA1
  
  26b01a7eb93484eb1bbc6a1bb6a64f35cb577963
- SHA256
  
  29059d0570b560dac07f5f35dd62b8b901574837cf99c4f02ac02a6670f95207
- SHA512
  
  6a73d3837c7fabc912402f43121d165cf29f6180d54345ac8f57c77628c73c7d5c4bdb0e849f82110efb737c5ef6b37698c2a7a57a59ab2b280af558f36eb603
- SSDEEP
  
  384:TwX+X6vFM4jDTFVyfTHMR/A7Ip47ai99kGzecWRK:TjX6mwloIJu7amHzeRK
Score

3^/10
behavioral23 behavioral24
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ecb.pyc
- Size
  
  8KB
- MD5
  
  ac6081ba401c699a151cd0a685e6ed07
- SHA1
  
  71127f32a1c73d446212f5463693dc32e8c9ffc1
- SHA256
  
  84cd809de518009d80307449064fa4a3584cca26bddf6e5ff7583b3270cff1a5
- SHA512
  
  bb96c56411cfe976dd461cfbf97bd796d0437cc65e167a0c7ca333ddcae3b9bcd39f9e556f724a19e439bbec6eb7a38ae47e4f7174de32d5563363df283b847f
- SSDEEP
  
  96:EQRS6kvViAtXEshfxCx7l7NmadVgrPqBP6sQLR7DHdMwqc5p3hxhS6ZJi3Xq:Edipsh27aaGv9XhfJg6
Score

3^/10
behavioral25 behavioral26
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_gcm.pyc
- Size
  
  24KB
- MD5
  
  febeee3dca8d4d7b481319cf67024509
- SHA1
  
  f782582cae24b43501e2fec6b5e1b81114e453d3
- SHA256
  
  9490b684d5d16c8517bce49c424f96989693d244ff1f4228bcdaba353d7d14fd
- SHA512
  
  e3adf83babd032b5c4b378214134f2022bcc4636ed16799a767ea70524ce14bbf520f27b1e415368514c92acd75e898cae7ff92c71cfcd8d03288848dfd3ac75
- SSDEEP
  
  384:+SaWw4SgqFGRVwkJRkPM4SjL8Tn4klTfZkgMybU7BS7ocYyb67meJh9:+Ow4SgqMOU9L+9OgMybUE7x/Kz
Score

3^/10
behavioral27 behavioral28
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ocb.pyc
- Size
  
  20KB
- MD5
  
  1ae7bfb9cc903be64fc54f384701ca0e
- SHA1
  
  cd763c65da1e1e8b4ba87878e7d29cc62be4f50f
- SHA256
  
  9629cd2c8d56d3b0bb2cbb0dcd3600ceabf53f88b20c6f5935828d28f77b4713
- SHA512
  
  f272bcddef69d88116af9c440197775aa0d45b854830cad5b8be8006bea3d1f81a3665d8c1b61eb97247dd6883cbfebdb53939d1e8e06ef64db22cee467a4721
- SSDEEP
  
  384:cCqHG+qi2jbRJF44h3R422oD9eWWEne47l8vadgETqZr0Tx19j57:cCsG+qJfjhBYZQqa9qhmD9j57
Score

3^/10
behavioral29 behavioral30
- Target
  
  exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ofb.pyc
- Size
  
  10KB
- MD5
  
  a2a1eae9b4277010793a3b7fbf2a2220
- SHA1
  
  6bff2e28548dcc498f5fa013e330605b6f578353
- SHA256
  
  a6b1fdbd9395ae6da4658defb19963fcb17ada24502982c86117f139fe925860
- SHA512
  
  41e295f8db70a7799e5ee27a31cd2101d184dada4647a4121cd431934ae3ebd4bdbf9314387f3f710bcd984444702c25832b04fefa8ce0b7bdb500c7ba76a31f
- SSDEEP
  
  192:moy5NPuxIfHU4JWVU4w8GZZkZZZZAjm7TbAAAFJ:s3fHTJWVTwTja2
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32