f6a78cefa7457af397ec51bbf0593f062cdd932e932c4cfe0f3e5a2fb2653470

Sharing

Copy URL

Twitter E-mail

General

Target

RO-Exec-Roblox.zip
Size

17.9MB
Sample

240314-e8ttssch65
MD5

db00d50455bc337832a44b0ba0246aab
SHA1

2331065e93c9f367342b493aed144a2b672ede1e
SHA256

f6a78cefa7457af397ec51bbf0593f062cdd932e932c4cfe0f3e5a2fb2653470
SHA512

e3461c5ef7f02f883b4a52f04ee6221161c8183077a4396146d0e44cd5505712221a23539b10cf82acc44e173e6e93671f0a6242a3fc3185a96fb89c8b96f8d7
SSDEEP

393216:FgaHdlI3hr/+RL3qfCBi6thIiKuyo9kafQKTkeHXs6Ot6MDw1hHK2Ak/:qWduhr/YafCBi6QFo9v4kkqc6Otu1hu4

Score

7^/10

Malware Config

Targets

- Target
  
  RO-Exec-Roblox.zip
- Size
  
  17.9MB
- MD5
  
  db00d50455bc337832a44b0ba0246aab
- SHA1
  
  2331065e93c9f367342b493aed144a2b672ede1e
- SHA256
  
  f6a78cefa7457af397ec51bbf0593f062cdd932e932c4cfe0f3e5a2fb2653470
- SHA512
  
  e3461c5ef7f02f883b4a52f04ee6221161c8183077a4396146d0e44cd5505712221a23539b10cf82acc44e173e6e93671f0a6242a3fc3185a96fb89c8b96f8d7
- SSDEEP
  
  393216:FgaHdlI3hr/+RL3qfCBi6thIiKuyo9kafQKTkeHXs6Ot6MDw1hHK2Ak/:qWduhr/YafCBi6QFo9v4kkqc6Otu1hu4
Score

1^/10
behavioral1
- Target
  
  README.md
- Size
  
  131B
- MD5
  
  b0e33b162594126bdbd2d03bf17e036e
- SHA1
  
  ec5c49ab599e89e5f670e68d9e5f82e7fb90a579
- SHA256
  
  47ebad068a5f34b631cd52a5c9db570a73614e495166c6e66b3ea13a1a962f71
- SHA512
  
  ddbf5038ac7fcbdeca9e0f75b92a3fa673fd8d63d6e6a4495f8a5d31f5fae102c3fe62ebcd847fe8bc14d4141727ef877b4289bc1babe540352b732fc118ce69
Score

3^/10
behavioral2
- Target
  
  README.txt
- Size
  
  928B
- MD5
  
  4a696fefeef0bae73a3358e7bba47413
- SHA1
  
  da4ba272db35131c93af20d019d10502c80485a5
- SHA256
  
  dc45080b1009ad874227ef73d1cadfc8ee13eb9778d49830da102af248b6f067
- SHA512
  
  5be178f006d42816b2c5ef237bdc117058d624561318393e4e75ec36e12c2349e8fb8f3c0a9bcefd78891b0cbb4e57a8e27542b79af6af474b40a5a2b1c06382
Score

3^/10
behavioral3
- Target
  
  RO-EXEC.exe
- Size
  
  17.7MB
- MD5
  
  9baf333533526671666a7258dba662a3
- SHA1
  
  88d20788f856b493974a90458351742d6d051021
- SHA256
  
  af6aa2d72fae208563ecb1cbd371dd317dec9635ab5dcd10aab753b0c60ab71a
- SHA512
  
  fcb81321814b1dfb4c9e61b6f5c8bdc12a1e6fffd6674b2eb162558f8439169fd40713d4dc2857c9f3b6e12cdba1006374f7eeed9f1e01bdf13b8bb371ef5535
- SSDEEP
  
  393216:2u7L/m1lc3GH6YkDInEroXz/m3pmsKkXggwW+TA39BYBJHXz4vvfZV1hNHSUr:2CLe1cGHfjErUzKmoxbQA3ry38vvH1hP
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral4
- Target
  
  cstealer.pyc
- Size
  
  41KB
- MD5
  
  0c49b027bb3141562b60489be1240223
- SHA1
  
  4b9e3a0f5585b19c578e4e9d1549e84f1a3054c8
- SHA256
  
  ea4b0a467afe19ca827f5a520b24b1f8c03379ceac962a99767492f6d976101f
- SHA512
  
  db68deb078f671ca07850ad0c48477b49fd6bf17f5ae8401a9a2b186c7e0619a201930b780f879007b2ed575e8d3ba6d306f82fc7218133f65a9dbd8868b9305
- SSDEEP
  
  768:gRHGE04WPV4O3Oo0horA3ZJs84vaAEmaAqxN1ZUi/qq6rgWigm4Ag7HHrQZuHoiL:kGyE5yhhJs8eafRZUkq5rgWig7AmmnE5
Score

3^/10
behavioral5
- Target
  
  auto_load.txt
- Size
  
  191KB
- MD5
  
  2c88d595bd58a3f1c5292a4d93285691
- SHA1
  
  5efaacec322a880e293b2ffe50af613a7ecf6ba5
- SHA256
  
  1d09d39eb00a2b36143076d41269f547fb01f0c7091b2f3c19bc8a2bdbe6a82e
- SHA512
  
  88d12d556753bf870d584183027017a7a0b531a1fd51703eb39545bced7af83698cc4beb2e9540d6ab5837cd43af0b3d704bb7ef94c7b1ef4b3c72080c1d8bb5
- SSDEEP
  
  3072:ZX+4sdNphRBeTy01+Op/MbaOPGut+rAyiMvwxArJ7q/B:5KxkBI0kb3yrARqJa
Score

3^/10
behavioral6
- Target
  
  configs/autosave.cfg
- Size
  
  916B
- MD5
  
  024ab27dfe02dbcd5357528ac4dbe028
- SHA1
  
  2f2b7df7b4557e274d4255cebd65d6d7c125cf95
- SHA256
  
  c029522bb51f2eea602e3818be4b495282cc2d8da92421f8bf3ced7dc46098bd
- SHA512
  
  f87d48447e5663be7e63f7f7934d33c795f2201acc753720bbf77af49cf8ab44b6f9618a2a22dd8f08a5d67424ca0c7c566b15b3f172edc34af4b29a23b5d137
Score

3^/10
behavioral7
- Target
  
  lua51.dll
- Size
  
  592KB
- MD5
  
  3dff7448b43fcfb4dc65e0040b0ffb88
- SHA1
  
  583cdab08519d99f49234965ffd07688ccf52c56
- SHA256
  
  ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
- SHA512
  
  cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
- SSDEEP
  
  12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
Score

3^/10
behavioral8
- Target
  
  start.bat
- Size
  
  549B
- MD5
  
  5474f8e86ff754653187fc4e9631091d
- SHA1
  
  df11da7d2970dec07fe959e10c81b75a416a81d6
- SHA256
  
  b815050f9eac79e83efe90d6ea89f65ecb23e6653aef5c1f04f2f9fb1d118bc5
- SHA512
  
  39003b46eafad9705a12ce7c5a97b99a49760e72d67c4e7dc3aa30480d74a21535950241898ce78128342232677cfaa41b46aa3e51dbac0d713ed9b2054e8066
Score

1^/10
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9