General

  • Target

    RobloxPlayerBeta.exe

  • Size

    19.5MB

  • Sample

    240509-e8qr5sba7t

  • MD5

    32867f068d628999a7f623687659e15a

  • SHA1

    677015cc479276eda4a8425ee92363faa5608f34

  • SHA256

    c3edc1ea5fafff93c498a935e591ea3569582f63b04f3b8bbee10e59caf59826

  • SHA512

    66ce881dcb55d54ef97b32616b9437714a451a3ab039d086be5a35a12f60103440425a4d4053e19248672a0cd848819ef6bbd809ffa50fa83916ab9cd788ddec

  • SSDEEP

    196608:Whnc4ixZIxPW5SwLRXgWPmpzdhqiCeNsHFJMIDJ+gsAGKkR5QDT:5/5L1V8dxYFqy+gs15y

Malware Config

Targets

    • Target

      RobloxPlayerBeta.exe

    • Modifies Windows Firewall

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks