General
-
Target
roblox_CE.zip
-
Size
17.0MB
-
Sample
240425-p3b2xaah2t
-
MD5
4e14a7b29b9253d962bd0ec1431db720
-
SHA1
00e49a06829091dabacb7cb0f3c9e709097df06b
-
SHA256
71159411480a522b2b82a3dbd72f7e3335ee557a5e08d9fdec4ebfcc8028a530
-
SHA512
762b2f1bc84be91d9025e7626e812e9897f8267362c94e40100e395892a233bf6ff9b5cf594ba8837bf0fd61c6a1c48aa39e691f8c24402264a4a846c5907169
-
SSDEEP
393216:njhuP9lQUA5UGl4tAOg1kr7kZjmB6a2WQdAMzfgF3hp4YgRrGifZmSC:gVl87l4tAOX7kZAQdlz6hmtlpQ
Malware Config
Targets
-
-
Target
roblox_CE/ce_build.exe
-
Size
17.1MB
-
MD5
b472206ec5e5e4b959d0f18998a37d44
-
SHA1
4e01afcea4134aca4f13baa5752f61b56c435a16
-
SHA256
9c19964264cfcf7e38da598d9536df0bdec90b29ac1ea4300f5804b1102bf9b7
-
SHA512
13ad92ef10b77c9b768f73d44b3d4d20da68bcc3820210923a972997f43bd3d2588002511a60af321d8ce139ec7aa82aec030c5790b7c2174f3c9df082a0a773
-
SSDEEP
393216:2EGbM6UZbcjyu6LMvkEJ+NqwfnTqCJrsMZgTdeN4+Rs/:25bdUZoj5BJwVfTqC9sMqT0hs/
Score8/10-
Looks for VMWare Tools registry key
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-