2c06eec63b04eb812ee682e56d9d70896b15d1c647929e26f9d85cd383e667f3 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows10-1703-x64

6

Sharing

General

Target

RobloxPlayerInstaller.exe
Size

5.2MB
Sample

240425-n8qa2sae76
MD5

0c1b8a4ef9d42a8bb164a9cb3c6d5f13
SHA1

ae69fa0b3266efe502b5c6fcfce897de61db027f
SHA256

2c06eec63b04eb812ee682e56d9d70896b15d1c647929e26f9d85cd383e667f3
SHA512

882821984373f14d1d245d1bbea77b77bc92fe9012604da0151835c5822c25289ded8cbb76663fa29d36f231b28d8057a7a835f49b97761fe89f7c727e563dfc
SSDEEP

98304:BavtU9JZMdWpkTAnsLYAfgHsZByuJXCfD87VqQuu:EKZM8kCs5gHcvCb8J1P

Score

6^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win10-20240404-en

discovery evasion persistence trojan

windows10-1703-x64

27 signatures

600 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  5.2MB
- MD5
  
  0c1b8a4ef9d42a8bb164a9cb3c6d5f13
- SHA1
  
  ae69fa0b3266efe502b5c6fcfce897de61db027f
- SHA256
  
  2c06eec63b04eb812ee682e56d9d70896b15d1c647929e26f9d85cd383e667f3
- SHA512
  
  882821984373f14d1d245d1bbea77b77bc92fe9012604da0151835c5822c25289ded8cbb76663fa29d36f231b28d8057a7a835f49b97761fe89f7c727e563dfc
- SSDEEP
  
  98304:BavtU9JZMdWpkTAnsLYAfgHsZByuJXCfD87VqQuu:EKZM8kCs5gHcvCb8J1P
Score

6^/10

discovery evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy