Resubmissions

09-04-2024 14:09

240409-rgj7hacd5y 7

General

  • Target

    Testing.zip

  • Size

    158.5MB

  • Sample

    240409-rgj7hacd5y

  • MD5

    f02677461afd8bdad74ba52dd21a2744

  • SHA1

    5a1ae82574f14ed8cada2ac6c15d47c33972c7b4

  • SHA256

    7155d07e30bb7dc42bf54d553f55b7485df7d55577faf722fd88f52172098652

  • SHA512

    3449f0f45fca5ae4aab434b5eeb1fc3d09fc2740b0da8902ee1c8d56ef9db478bf0d9a5afa1f1f2260192ecb05e46108cfc50cf25537c313b0b58229301cf32c

  • SSDEEP

    3145728:j1MdUGmeb9zBacu9ZSVIywl/Wf9cepahB010Z46MEufHSVwOvxJtxxyd:Cb9BYnywVWVcepahs/EFVjvxVxyd

Malware Config

Targets

    • Target

      RobloxPlayerInstaller.exe

    • Size

      4.6MB

    • MD5

      1b57a241eed58ce47249a846f2391652

    • SHA1

      345999af03a6c515191d212a200fad24039100c1

    • SHA256

      25913bcf70e0a8447e3ae39294cb3c3be44f15dcbccc4a0cd2aa4538e5ecc0f1

    • SHA512

      870cc586696961c4de63643f264514140357cad1c9a4eaf9f1e631507c680359cdc760728afd46f6511155dc5c37b7c61dcd6825b185635aa0353fb18313a8c0

    • SSDEEP

      98304:qXv8fLneOI8A0vq1pmgKkt6paeVtBN0Y2ycun:ikL48flgdsBKxlS

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets file execution options in registry

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
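
Two of the signatures above, "Checks whether UAC is enabled" and "Sets file execution options in registry", correspond to registry state that can be verified on a host after the fact: UAC is the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and file execution options are the per-image subkeys of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, where a Debugger value silently redirects launches of that image to another program. The following is an added triage example, not part of this report or of Triage's own tooling. It parses a regedit export (the sample export embedded below is constructed, not taken from the analysed file) so that it runs offline on any platform; the key paths are the real Windows ones, while the allowlist of expected debugger names and the helper names are assumptions of the example.

```python
"""Check two of the sandbox signatures above against a registry export:
UAC state (EnableLUA) and Image File Execution Options "Debugger" hijacks.
Added example; parses a .reg export rather than the live registry."""
import re

# Real registry locations, written as they appear in a regedit export.
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options")

# Debuggers that may legitimately sit in an IFEO Debugger value. This is an
# assumed allowlist for the example; tune it to your own estate.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "cdb.exe", "ntsd.exe"}

# Constructed sample export (not from the analysed sample): UAC enabled, one
# benign IFEO entry, one non-Debugger IFEO value, one hijack to a user-writable path.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Windows\\System32\\vsjitdebugger.exe\""
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\path]
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')    # "Name"=value


def _unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> " (one pass, left to right)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _decode(raw):
    """Decode dword: and quoted REG_SZ values; other types are left as text."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} from a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = _decode(m.group(2))
    return keys


def uac_enabled(keys):
    """True/False from EnableLUA, or None when the key or value is missing."""
    val = keys.get(UAC_KEY, {}).get("EnableLUA")
    return None if val is None else bool(val)


def ifeo_debuggers(keys):
    """List (image, debugger_command, suspicious) for every IFEO Debugger value.

    The command is the first token of the value (quoted or bare); it is
    suspicious when its basename is not in KNOWN_DEBUGGERS."""
    hits, prefix = [], IFEO_KEY.lower() + "\\"
    for path, values in keys.items():
        if not path.lower().startswith(prefix) or "Debugger" not in values:
            continue
        image = path[len(prefix):].split("\\")[0]
        cmd = values["Debugger"]
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
        basename = exe.rsplit("\\", 1)[-1].lower()
        hits.append((image, cmd, basename not in KNOWN_DEBUGGERS))
    return hits


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    print("UAC (EnableLUA):", uac_enabled(parsed))
    for image, cmd, suspicious in ifeo_debuggers(parsed):
        print(f"IFEO {image} -> {cmd} [{'SUSPICIOUS' if suspicious else 'known'}]")
```

On a real host, export the two keys with `reg export` and read the file with `encoding="utf-16"` (regedit writes UTF-16 with a BOM) before passing it to `parse_reg`; the parser is deliberately forgiving of unknown value types, so hex: and multi-line values pass through undecoded rather than aborting the check.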

MITRE ATT&CK Enterprise v15

Tasks