General

  • Target: Robux_Generator_2023 (1).rar

  • Size: 14.0MB

  • Sample: 240202-raadqahhfr

  • MD5: 158da56328247dad2428faee180cb66a

  • SHA1: 0bd9996e75969efc6725cd4cb79117044254f1a1

  • SHA256: e85764f2bb7eff369a0059363b59067e1d3b878bf417e394e96781cb93ecab6f

  • SHA512: 0cec62ab528c84739ea4754d0f824b926a0b96944a1c6a6a2fd17890862ab4905fefe738b5f14e4ffd780c298c0a233cfe5044644f73634b5c3590019573717f

  • SSDEEP: 393216:ECvFArMfxGAZOgOouBh4IcWjMcnCLpKQKj8EBXRG:ParMfxLOptsAMceK1dBhG

Malware Config

Targets

    • Target: Robux_Generator_2023/Installer.exe

    • Size: 14.3MB

    • MD5: e0bf4b95b5fc778d1263591470f1bfdf

    • SHA1: 900bfbf77b4159bc3e75ee2a400474875fcb1614

    • SHA256: 48b24b0bb4f81a9171a6cdca553dcc341875cb23c8509293f119510df6a8b8a1

    • SHA512: ae92b93e2ad8d40501b5acf1012a1136f92ea8e4194a453b88b7ca905ac7ad407fa4259610b8befdb3ad1cc38fdadfea865f8ca8498007fae86f7ce1550be7bc

    • SSDEEP: 393216:/qu7L/qdQusl7Q+q9RoWOv+9fa2Nwl5SRVzwkB:yCLydQu2QdborvSiawlUVzw

    Score: 7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks