General

  • Target: RobloxPlayerInstaller.exe
  • Size: 4.6MB
  • Sample: 240204-12v9yabhd8
  • MD5: 6de8c1641e03b8080a40ab515ca5edfc
  • SHA1: e963bad6f1852de446512c313d9d0359eceeea65
  • SHA256: 59ff1970e144aaea68c2fc942ac499bbece25579230fa22db18d9c77d5d0720d
  • SHA512: de4088b541f4b857191045123047a3be63f3d7c243830aa6aece28600a2f3cbdc92be90e4a994a72a1d99d7a8edb893616366169bb6a058ee8e9b0c9bcffb18c
  • SSDEEP: 98304:G/vt45232uPpqj4BB5Dg+8knJ6rNbO3yguFbs6:GN3ZpHpgNnbEGFb

Malware Config

Targets

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks