General

  • Target

    https://www.roblox.com/

  • Sample

    240501-wy2v4ada9w

Score
8/10

Malware Config

Targets

    • Target

      https://www.roblox.com/

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from brand microsoft.

MITRE ATT&CK Enterprise v15

Tasks