General

  • Target

    edGt3Auy0E Roblox.exe

  • Size

    20.2MB

  • Sample

    240407-wz9x4abc27

  • MD5

    e5ba9e165fe2036b08304641fb488a5b

  • SHA1

    79c609f06daabf79079fc694e063e937f20f1ed9

  • SHA256

    168e7923fef080a922ec790f9e4466ca6dea631db3e77657be86e4d3f90a61e7

  • SHA512

    7d12b3427880684365ad31c76c5cc13b5331e846134cbfc543b4b42ec5087e8fa0249e3d82181e4aa1477c6003d9de324f94ff9a2955272ca509bf7ffaebca80

  • SSDEEP

    393216:jEkZQtsEP8AxYDX1+TtIiFA/IFcsr9oIOC95yYv7:jhQtsXX71QtIP/IJhot65yE
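Before analysing a sample that claims to be this one, check that the file on disk really is the object the report describes. The following is an added example, not part of the sandbox report: it copies the MD5/SHA1/SHA256/SHA512 values from the General section above and compares a local file against all four, flagging the case where only some algorithms match (a transcription error in a hash list, or a different file altogether). Function names and the chunked-reading helper are assumptions for illustration; SSDEEP is left out because it needs a non-standard library.

```python
"""Verify a local sample against the hashes listed in the report above.

Added example; not part of the sandbox report. The hash values below are
copied from the report; everything else is assumed for illustration.
"""
from __future__ import annotations

import hashlib
from pathlib import Path

# Hashes exactly as listed in the General section of the report.
REPORT_IOCS = {
    "md5": "e5ba9e165fe2036b08304641fb488a5b",
    "sha1": "79c609f06daabf79079fc694e063e937f20f1ed9",
    "sha256": "168e7923fef080a922ec790f9e4466ca6dea631db3e77657be86e4d3f90a61e7",
    "sha512": "7d12b3427880684365ad31c76c5cc13b5331e846134cbfc543b4b42ec5087e8fa0249e3d82181e4aa1477c6003d9de324f94ff9a2955272ca509bf7ffaebca80",
}
ALGORITHMS = tuple(REPORT_IOCS)


def file_hashes(data: bytes) -> dict[str, str]:
    """Return lower-case hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str | Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Hash a file in chunks so a 20 MB sample is not read into memory at once."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def compare_to_report(hashes: dict[str, str], iocs: dict[str, str] = REPORT_IOCS) -> dict[str, bool]:
    """Per-algorithm comparison; case-insensitive so pasted upper-case hashes still match."""
    return {name: hashes[name].lower() == iocs[name].lower() for name in iocs}


def verdict(comparison: dict[str, bool]) -> str:
    """Collapse the per-algorithm result into one of three outcomes.

    "inconsistent" (some algorithms match, others do not) is the case worth
    stopping on: it means the hash list has a transcription error or the file
    on disk is not the byte-for-byte sample the report describes.
    """
    matched = sum(comparison.values())
    if matched == len(comparison):
        return "match"
    if matched == 0:
        return "no match"
    return "inconsistent"


if __name__ == "__main__":
    import sys

    for sample in sys.argv[1:]:
        result = compare_to_report(hash_file(sample))
        print(f"{sample}: {verdict(result)} {result}")
```

Run it as `python check_sample.py "edGt3Auy0E Roblox.exe"`; anything other than `match` means you are not looking at the sample this report was generated from.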

Malware Config

Targets

    • Target

      edGt3Auy0E Roblox.exe

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and session tokens, and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
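The tags above are the sandbox's own verdicts. As an added example (not the sandbox's code or the report's data), the script below re-derives the same tags from endpoint telemetry so they can be hunted for on a real host rather than only in a sandbox. The event records are constructed, the `pid`/`image`/`action`/`target` layout is an assumed simplification of Sysmon-style logging, and the browser, wallet and IP-lookup path lists are assumptions to extend from your own environment. "Legitimate hosting services abused for malware hosting/C2" is not modelled because the report does not say which hosts were contacted. The one stateful rule, "Loads dropped DLL", only fires when an earlier file_create wrote the exact module path, which is what separates a dropped payload from an ordinary system DLL load.

```python
"""Re-derive the report's behaviour tags from endpoint telemetry.

Added example, not the sandbox's own logic. The event records below are
constructed for illustration; the field layout (pid/image/action/target)
is an assumed simplification of Sysmon-style telemetry.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Windows paths are compared after lower-casing and normalising separators.
STARTUP_DIR = re.compile(r"\\microsoft\\windows\\start menu\\programs\\startup\\")
BROWSER_DATA = re.compile(
    r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser|mozilla\\firefox)\\"
    r".*\\(login data|cookies|web data|logins\.json|key4\.db|cookies\.sqlite)$"
)
WALLET_DATA = re.compile(
    r"(\\wallet\.dat$|\\exodus\\|\\electrum\\wallets\\|\\ethereum\\keystore\\)"
)
# Assumed list of public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ipinfo.io",
}


def norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def tag_events(events: list[dict]) -> dict[int, set[str]]:
    """Map each pid to the set of report-style behaviour tags its events trigger.

    "Loads dropped DLL" is stateful: a module counts as dropped only if an
    earlier file_create event (from any process) wrote that exact path.
    """
    dropped: set[str] = set()
    tags: dict[int, set[str]] = defaultdict(set)
    for ev in events:
        pid, action, target = ev["pid"], ev["action"], ev["target"]
        path = norm(target)
        if action == "file_create":
            dropped.add(path)
            if STARTUP_DIR.search(path):
                tags[pid].add("Drops startup file")
        elif action == "image_load":
            if path in dropped:
                tags[pid].add("Loads dropped DLL")
        elif action == "file_read":
            if BROWSER_DATA.search(path):
                tags[pid].add("Reads user/profile data of web browsers")
            if WALLET_DATA.search(path):
                tags[pid].add("Accesses cryptocurrency files/wallets")
        elif action == "dns_query":
            if target.lower() in IP_LOOKUP_HOSTS:
                tags[pid].add("Looks up external IP address via web service")
    return dict(tags)


def summarize(events: list[dict]) -> dict[int, list[str]]:
    """Sorted tag lists per pid, only for processes that triggered something."""
    return {pid: sorted(t) for pid, t in tag_events(events).items() if t}


# Constructed telemetry for one suspicious process (pid 4321) and one benign one.
SAMPLE_IMAGE = r"C:\Users\victim\Desktop\edGt3Auy0E Roblox.exe"
SAMPLE_EVENTS = [
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "file_create",
     "target": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "file_create",
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "image_load",
     "target": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "image_load",
     "target": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4321, "image": SAMPLE_IMAGE, "action": "dns_query", "target": "api.ipify.org"},
    {"pid": 900, "image": r"C:\Windows\explorer.exe", "action": "file_read",
     "target": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for pid, found in summarize(SAMPLE_EVENTS).items():
        print(pid, found)
```

Each rule maps one-to-one onto a tag in the report, so a process hitting four or five of them in a short window is the hunting signal; a single hit (a browser loading its own `Cookies` file, a system-info tool querying ifconfig.me) is expected noise and should be scored, not alerted on.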

MITRE ATT&CK Enterprise v15

Tasks