8aa0127fd90693f749e08330a9c10f19f8b15fae427a22eb523b060762767d77

Sharing

Copy URL Twitter E-mail

General

Target

Roblox-Player-Server-Searcher-2.0.0.zip
Size

978KB
Sample

240224-cvwp5afd2s
MD5

e36bd08bed13b078acb161c28f9554f0
SHA1

2d493973fbfe05198bdec186846f8b89db8757c1
SHA256

8aa0127fd90693f749e08330a9c10f19f8b15fae427a22eb523b060762767d77
SHA512

3a50223a9725e83deb6c4b2ba113ef9cdb1a651591775bafc0339fac3b317d06cd5a47cd18c076a1be4f756ffd9f1c7e96e785669b5b9e7e3378667afd84c52b
SSDEEP

24576:DTQvTE/oVAE/2qLiUfMPJv6jvDf4GpBTFGULtRqNT8dqCEI+:DTGTEBEOQjg3KFng87x+

Score

8^/10

Malware Config

Targets

- Target
  
  Roblox-Player-Server-Searcher-2.0.0/background.js
- Size
  
  3KB
- MD5
  
  0f67e52512e03528df200822a9995d18
- SHA1
  
  31eb538d0b52855272ecb34c761f271db9a3b20b
- SHA256
  
  92df03cd478f23a2166940d05dab7de39f993772e52d8de1e59c2df8b5b929f9
- SHA512
  
  e263ea509d493b1d2a5190b663987da4877084d85ecc976c2e3d7b49ecb777d574a500eea035ddf9c8d41d2c48c2bf3cfce383db489851c8266af1cb55ff04a4
Score

8^/10

adware discovery evasion persistence stealer trojan
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/js/content.js
- Size
  
  2KB
- MD5
  
  d0e47bf21d21d3620cd3e1db81c29e97
- SHA1
  
  f2c94bedb81b337862c7e7af643aa6cde475cfcf
- SHA256
  
  4a740271e86a0b92304d8577676a5275893aead8bf855bd51e4b9bfd855171d3
- SHA512
  
  7bfc5619548d5357c60738f194b02cce00cb5dad52dfc6a41ca03b0b50f5715cfef31fdc18661904b7061467413cd51738c24cdd23d762c524bca290d92056c8
Score

1^/10
behavioral2
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/js/page-games.js
- Size
  
  2KB
- MD5
  
  fc110b4109fb00c7f6a23b91ed2a73b7
- SHA1
  
  f426a01a7ddc688fe1bfb363ecea8420487c1756
- SHA256
  
  d62335ad165e5314870add7972261a08fbac3c98db04a9bfbef342e5683c27da
- SHA512
  
  fcd994ddef59d01caba3b4c549e6747847e60de7b9994da7fcd15657ed5b8ac310155897781ca7f62f16677d53cde842b56837ef84f4c0b4b73778ad9e6dd57c
Score

1^/10
behavioral3
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/js/searcher.js
- Size
  
  9KB
- MD5
  
  c8b3c08b56ea0c875eb8d89ab812d2ca
- SHA1
  
  0f1628b01a6afcfaf411e80bc51f0f970fe4d0b6
- SHA256
  
  8d376143c35d820795498ddf6608e5d0ed55d07c83148aa88619d8820962da6f
- SHA512
  
  dd134ea3f742060db0b597ab518ebb0b98f5ed05466e74afc5fc5def30cf03640bc04b226a6e5812aeef810bcb71b75cb7a791a7ac3b041813db47588b0f7124
- SSDEEP
  
  192:TseHqcltNv4hXAyJdIuXnveFWytTq3JUPpUxUvJElPKuBE3ScJJo/vUkR1ok+y0:7bltmOyJpGS5URUxUXugonU3kM
Score

1^/10
behavioral4
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/html/eula.html
- Size
  
  2KB
- MD5
  
  dc61263c9db7f5a5715ab667b13db599
- SHA1
  
  67f10b6c0a4e4510ccac6a0ad2c29647d3637fdd
- SHA256
  
  6c1b8f1729bf5165cfdc22a1fc8a26e78ebb3b7670ed0efc0d612a52cf47e8a7
- SHA512
  
  c292de2da8c28aac224fc74f716fc3a6e5abaf67050b46dfb00d23c67d14739ad1d0b362bb781640c1d7ee0c6d42e5c29d94cac93c549c09da3b230638c0d482
Score

1^/10
behavioral5
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/html/joining.html
- Size
  
  328B
- MD5
  
  d53c3dde0a2e771abca46396784a8868
- SHA1
  
  4f29f8a1b1950cd56d174a78f5369ae5fed82302
- SHA256
  
  36b2cf33635723cdc38fdb88578984fff041a3291510ac9436b6ca681837ab9b
- SHA512
  
  a8cacccc22c856983a5a6506206498252ccf31424e40b44b3df78904e45189168931c49eb581908f9bf5cf9a8e82af746337830c5e7c54fc9abb886238f75b23
Score

1^/10
behavioral6
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/html/layout.html
- Size
  
  828B
- MD5
  
  45b8bede5e9d16e2b7cf71fee235d998
- SHA1
  
  78e82f386d965669403c26d496c33a93bb339c17
- SHA256
  
  a011c2717907751b6471545079f234e11836191a90bd36cc47ee451445b67e4a
- SHA512
  
  9c3d5e9ee7d85c15f70a8d084ef3788c8f76f72fbf272fb937a2cf49cddf5386837ec63a318c90bd608589ac9f3f9d8c48a3b4a6db14f07f5d27ca07e176881e
Score

1^/10
behavioral7
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/html/new-update.html
- Size
  
  697B
- MD5
  
  7623b8350fb5c9c0cdc598b55e695aa6
- SHA1
  
  ea32e8a8ec5913c4d401fd657ceec8181991acbf
- SHA256
  
  364396bdfdbc3717e5c4cf2b6ebdbcb31111b89b32ed70b541fc74fb4410abde
- SHA512
  
  35e22beb50a00f34fecdd1f033cb60c69b718c156ad9cb124f3bdbacd390866ab0b0c792ed50647c9443c9802acde4cd2b76484e59ebafa616d4158985d2f294
Score

1^/10
behavioral8
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/html/player-in-other-game.html
- Size
  
  1KB
- MD5
  
  721ff93d7f33b82d2edeffa7b2919516
- SHA1
  
  e45b1fa73c4361d927ff527b23fd5ed41a4b4175
- SHA256
  
  031e5aadab2e1dfc704094134678ae09ea52dcea2200c731fe890e5c1ca26477
- SHA512
  
  8738de595ab250ee79f798fb81676d677690bea3338765409a3835d966e87c10d139015eb2590f71d386f8f891f8a89ad6025a8bbf6e6fcd3a4d417358f4d590
Score

1^/10
behavioral9
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/js/join.js
- Size
  
  1KB
- MD5
  
  b025fa81a1aa47f234e40f647a7f4d3d
- SHA1
  
  c81aafb6d3380feee6112a2df6c670eca82eb3bd
- SHA256
  
  9ff607694fccd02f024a8f421079938f2df7e9f8ac597b5e6c6725031bfab489
- SHA512
  
  1baf97f80cfbfec6c3bea32383c470e2dc8ebf645471b05080efeceadf49d0dca57c3db6ed4e77dfb44a46546160a7ea93226ab7c88115af1455fa100a774e51
Score

1^/10
behavioral10
- Target
  
  Roblox-Player-Server-Searcher-2.0.0/resources/js/player-in-other-game.js
- Size
  
  2KB
- MD5
  
  d4cec1d035a965d770257501156a0a7c
- SHA1
  
  b13741782e887c5a4906e02a8d2a918fa4194b3e
- SHA256
  
  df0cbef31368321056fed2ea5ba32bda396cc5f633ea5dcd55cbada69a41a505
- SHA512
  
  e08740d3990aef2f514b76f5f1e8629c29aefa85ee8a1f11491f603d3d818e4e80dbff35618695421b90e8a62720e76dbf47a647f1d14ae6f68124094cb96fba
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets file execution options in registry

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Checks installed software on the system

Checks whether UAC is enabled

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11