f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

RobloxPlay...er.exe

windows11-21h2-x64

8

Sharing

General

Target

RobloxPlayerInstaller.exe
Size

4.6MB
Sample

240415-neex8ada86
MD5

f16ac9b02b4726b444b383d76db1ae18
SHA1

7388c264874447d1ded6b6acaa35d26144d023a9
SHA256

f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0
SHA512

9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39
SSDEEP

98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE

Score

8^/10

adware discovery evasion exploit persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win11-20240412-en

adware discovery evasion exploit persistence stealer trojan

windows11-21h2-x64

43 signatures

1800 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  4.6MB
- MD5
  
  f16ac9b02b4726b444b383d76db1ae18
- SHA1
  
  7388c264874447d1ded6b6acaa35d26144d023a9
- SHA256
  
  f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0
- SHA512
  
  9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39
- SSDEEP
  
  98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE
Score

8^/10

adware discovery evasion exploit persistence stealer trojan
- Modifies AppInit DLL entries
  persistence
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoveryevasionexploitpersistencestealertrojan

© 2018-2024

Terms | Privacy