e1f36bb55ba21592c38ce8ed12224353541ffbf2c0cf049f688a6155f26ff5d8 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

Target

RobloxPlayerInstaller.exe
Size

4.5MB
Sample

240123-v6l9yaebe9
MD5

d0d664e8b9191b60ff04374aee139d4c
SHA1

e048dadb0cc7332a8d3ec1193860c07b5a51edee
SHA256

e1f36bb55ba21592c38ce8ed12224353541ffbf2c0cf049f688a6155f26ff5d8
SHA512

5772e508981c76b7d84d0f600003bdc7b7f98f43dff45aa059ea083cc3201349bbc13836048bbe20365a801843202ed42ff85bb93739017be9cd74e792f7bc8e
SSDEEP

98304:PDv3TcSU8hmQTgnqbktGg37IWuJ/7GBPRNoVFKbjV:j3TNUnQbvg37e6BZvV

Score

6^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win10v2004-20231215-en

discovery evasion persistence trojan

windows10-2004-x64

20 signatures

600 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  4.5MB
- MD5
  
  d0d664e8b9191b60ff04374aee139d4c
- SHA1
  
  e048dadb0cc7332a8d3ec1193860c07b5a51edee
- SHA256
  
  e1f36bb55ba21592c38ce8ed12224353541ffbf2c0cf049f688a6155f26ff5d8
- SHA512
  
  5772e508981c76b7d84d0f600003bdc7b7f98f43dff45aa059ea083cc3201349bbc13836048bbe20365a801843202ed42ff85bb93739017be9cd74e792f7bc8e
- SSDEEP
  
  98304:PDv3TcSU8hmQTgnqbktGg37IWuJ/7GBPRNoVFKbjV:j3TNUnQbvg37e6BZvV
Score

6^/10

discovery evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy