324961104eeb40c40e6bd00278affe755c82d77189606280fffd37852db54c3f | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxStud...er.exe

windows10-2004-x64

6

Sharing

General

Target

RobloxStudioInstaller.exe
Size

5.2MB
Sample

240424-wmt14see73
MD5

9a5054a082e2d341025a7cfab14be01e
SHA1

6f880fa9008dfbd65ceed2022744b94d9c42231f
SHA256

324961104eeb40c40e6bd00278affe755c82d77189606280fffd37852db54c3f
SHA512

cf24a5a3b79894b93b041b2b5e71f494cbdff4cc524267b81b46c86ca5b001e3bc9a57b724f46d0bdd3ecb0fb3ccf0168db978e5928422df7023f736548c15b7
SSDEEP

98304:76vQ2fQxgxb9C+Qe+NsGnTQ6ILVpgiIIefOpmFCFnf0kiih/5ul7:iQ24Sb9j+N0jgTXClfNrg7

Score

6^/10

adware discovery evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxStudioInstaller.exe

Resource

win10v2004-20240412-en

adware discovery evasion persistence stealer trojan

windows10-2004-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  RobloxStudioInstaller.exe
- Size
  
  5.2MB
- MD5
  
  9a5054a082e2d341025a7cfab14be01e
- SHA1
  
  6f880fa9008dfbd65ceed2022744b94d9c42231f
- SHA256
  
  324961104eeb40c40e6bd00278affe755c82d77189606280fffd37852db54c3f
- SHA512
  
  cf24a5a3b79894b93b041b2b5e71f494cbdff4cc524267b81b46c86ca5b001e3bc9a57b724f46d0bdd3ecb0fb3ccf0168db978e5928422df7023f736548c15b7
- SSDEEP
  
  98304:76vQ2fQxgxb9C+Qe+NsGnTQ6ILVpgiIIefOpmFCFnf0kiih/5ul7:iQ24Sb9j+N0jgTXClfNrg7
Score

6^/10

adware discovery evasion persistence stealer trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy