Overview

overview

7

Static

static

3

RO-Exec-Ro...EC.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    RO-Exec-Roblox-main.zip

  • Size

    17.9MB

  • Sample

    240307-tjfm7sgb2z

  • MD5

    68c9a95464718e07c66b00419377b28b

  • SHA1

    37318f350578f5d2caf250c7739c46a97e2d3dec

  • SHA256

    8a76ce032194e36a5bf76a84e24c7251e65d0092db225a34807a624c7dff7cf8

  • SHA512

    62958486b7d9de9f69d916b33af677905457fb20b5192885cb41f2a6e6103d87e9a8eff5fb7d577d072485cebbc1911a36ffee2c7313f92a41c17c55ea83021a

  • SSDEEP

    393216:1Ur3oDLrf90EH+qpP8dN++I6U2yU0kGPzGWq0PGOJPRzAKc/VHjLBqUZUu:6kDffWEHbpPM7t6Uiq/UGGPRzATHjzZX

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      RO-Exec-Roblox-main/RO-EXEC.exe

    • Size

      17.7MB

    • MD5

      88e4a9ef7fa6d977e9390a2971f616b7

    • SHA1

      d65a450f469eee5a1f936f472dbb57cffeb7e05c

    • SHA256

      16b9cad3444a121a547e7de65f5181a840d8d800297f4e3f610dfd553dd411f0

    • SHA512

      5b06aaed908be17b4b127f3933e658f027b523d6fd2178cf747b0e8cd18fe5103265e6bcd3116718220f360b141b807a7716a4bce7d71381c9ca3ee3d794a711

    • SSDEEP

      393216:9u7L/m1lc3GH6YkDInEroXz/m3pmsKkXggwW+TA39BYBJHXz6v6fWlg1+NHSaf:9CLe1cGHfjErUzKmoxbQA3ry3uv6h1+n

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks