General

  • Target: RobloxPlayerInstaller.exe
  • Size: 4.6MB
  • Sample: 240219-t2rhesgg39
  • MD5: f16ac9b02b4726b444b383d76db1ae18
  • SHA1: 7388c264874447d1ded6b6acaa35d26144d023a9
  • SHA256: f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0
  • SHA512: 9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39
  • SSDEEP: 98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE

Malware Config

Targets

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks