General
- Target: RobloxPlayerBeta.exe
- Size: 19.5MB
- Sample: 240509-dnhelaab36
- MD5: 32867f068d628999a7f623687659e15a
- SHA1: 677015cc479276eda4a8425ee92363faa5608f34
- SHA256: c3edc1ea5fafff93c498a935e591ea3569582f63b04f3b8bbee10e59caf59826
- SHA512: 66ce881dcb55d54ef97b32616b9437714a451a3ab039d086be5a35a12f60103440425a4d4053e19248672a0cd848819ef6bbd809ffa50fa83916ab9cd788ddec
- SSDEEP: 196608:Whnc4ixZIxPW5SwLRXgWPmpzdhqiCeNsHFJMIDJ+gsAGKkR5QDT:5/5L1V8dxYFqy+gs15y
Behavioral tasks
- behavioral1
  - Sample: RobloxPlayerBeta.exe
  - Resource: win7-20240508-en
- behavioral2
  - Sample: RobloxPlayerBeta.exe
  - Resource: win10v2004-20240426-en
Malware Config

Targets
- Target: RobloxPlayerBeta.exe
Signatures
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
- Persistence
  - Account Manipulation (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Privilege Escalation
  - Account Manipulation (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)