General
-
Target
RobloxPlayerInstaller.exe
-
Size
4.6MB
-
Sample
240415-neex8ada86
-
MD5
f16ac9b02b4726b444b383d76db1ae18
-
SHA1
7388c264874447d1ded6b6acaa35d26144d023a9
-
SHA256
f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0
-
SHA512
9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39
-
SSDEEP
98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE
Static task
static1
Malware Config
Targets
-
-
Target
RobloxPlayerInstaller.exe
-
Size
4.6MB
-
MD5
f16ac9b02b4726b444b383d76db1ae18
-
SHA1
7388c264874447d1ded6b6acaa35d26144d023a9
-
SHA256
f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0
-
SHA512
9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39
-
SSDEEP
98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE
-
Modifies AppInit DLL entries
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
5Registry Run Keys / Startup Folder
5Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
5Registry Run Keys / Startup Folder
5