General
Target: edGt3Auy0E Roblox.exe
Size: 20.2MB
Sample: 240407-wz9x4abc27
MD5: e5ba9e165fe2036b08304641fb488a5b
SHA1: 79c609f06daabf79079fc694e063e937f20f1ed9
SHA256: 168e7923fef080a922ec790f9e4466ca6dea631db3e77657be86e4d3f90a61e7
SHA512: 7d12b3427880684365ad31c76c5cc13b5331e846134cbfc543b4b42ec5087e8fa0249e3d82181e4aa1477c6003d9de324f94ff9a2955272ca509bf7ffaebca80
SSDEEP: 393216:jEkZQtsEP8AxYDX1+TtIiFA/IFcsr9oIOC95yYv7:jhQtsXX71QtIP/IJhot65yE
Behavioral task
behavioral1
Sample: edGt3Auy0E Roblox.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: edGt3Auy0E Roblox.exe (size and hashes as listed under General)
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.