Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows7-x64

6

RobloxPlay...er.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RobloxPlayerInstaller.exe

  • Size

    4.4MB

  • Sample

    240422-n7txvaba42

  • MD5

    49754baebc698fa5c100c42618775057

  • SHA1

    408bbe67a1a92001886d6eb2a41b51bfb50cad49

  • SHA256

    3e49e24060c5ecf09abfedb8c9f3ef09070c5f033ba156dee52b0778fb1183c9

  • SHA512

    3e9677083210041aa66bd963b7c2cd22f27d44acfd334b7954ad936d7228a1f0c1323b1f598f78286fdb9251584d33ab6267edffe4bf29c6b6b898ed4ea6a0a7

  • SSDEEP

    98304:wuvuP+p0Ex6bnYhHgfIG0ZqXN7Bgr+Wzb73:JuHECagAiNurVz3

Score
6/10
adwarediscoveryevasionpersistencestealertrojan

Malware Config

Targets

    • Target

      RobloxPlayerInstaller.exe

    • Size

      4.4MB

    • MD5

      49754baebc698fa5c100c42618775057

    • SHA1

      408bbe67a1a92001886d6eb2a41b51bfb50cad49

    • SHA256

      3e49e24060c5ecf09abfedb8c9f3ef09070c5f033ba156dee52b0778fb1183c9

    • SHA512

      3e9677083210041aa66bd963b7c2cd22f27d44acfd334b7954ad936d7228a1f0c1323b1f598f78286fdb9251584d33ab6267edffe4bf29c6b6b898ed4ea6a0a7

    • SSDEEP

      98304:wuvuP+p0Ex6bnYhHgfIG0ZqXN7Bgr+Wzb73:JuHECagAiNurVz3

    Score
    6/10
    discoveryevasionpersistencetrojanadwarestealer

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Downloads MZ/PE file

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

4
T1547.001

Browser Extensions

1
T1176

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

4
T1547.001

Defense Evasion

Modify Registry

7
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

3
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks