Overview

overview

10

Static

static

1

RobloxPlay...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    1.6MB

  • Sample

    240414-qnzebsgg98

  • MD5

    df3c89248671866cfb9e0a407fad20b4

  • SHA1

    2258e20671e6aaba8ce75abb5bc5bca8c4df0035

  • SHA256

    93580834e65af2f5a83aacef47a1ec3ef45fc6ab9683ec4df771bbea713ab38f

  • SHA512

    f6658f2653aefebc573518773c97319d87d70cabeb182cd622a5722d4df0417df17318f4b25b7929ab03e982a072e914175971b96e205356c5c6a23a3fedaf01

  • SSDEEP

    49152:NmAhTN2Q5MmBRS+qYNS2+3njUrG+TvamoGXtTOgM7PMQpdAUFTHrPHHoV5N:gAhTkyZBdM2+3njUmrPHA

Score
10/10
jigsawdiscoveryevasionpersistenceransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      RobloxPlayerLauncher.exe

    • Size

      1.6MB

    • MD5

      df3c89248671866cfb9e0a407fad20b4

    • SHA1

      2258e20671e6aaba8ce75abb5bc5bca8c4df0035

    • SHA256

      93580834e65af2f5a83aacef47a1ec3ef45fc6ab9683ec4df771bbea713ab38f

    • SHA512

      f6658f2653aefebc573518773c97319d87d70cabeb182cd622a5722d4df0417df17318f4b25b7929ab03e982a072e914175971b96e205356c5c6a23a3fedaf01

    • SSDEEP

      49152:NmAhTN2Q5MmBRS+qYNS2+3njUrG+TvamoGXtTOgM7PMQpdAUFTHrPHHoV5N:gAhTkyZBdM2+3njUmrPHA

    Score
    10/10
    jigsawdiscoveryevasionpersistenceransomwarespywarestealertrojan

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

      ransomwarejigsaw

    • Renames multiple (258) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Downloads MZ/PE file

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks