General

  • Target: roblox-solara-external-exploit
  • Size: 821KB
  • Sample: 240515-1g5mwade85
  • MD5: 29bcf7482a8898566da985fd407f2a1c
  • SHA1: 96cc6778221124dd77a331f5545d80e1240d0f78
  • SHA256: 57622f53d742033d60dac1b2add50657593984381c6e51424533054247d815ae
  • SHA512: ab5a0b0e129f3b93c24abc8e30e223e21c8d5ba48540e5b5b7c111a25cf5e1573926f3dd8c3a64eca78bed0bc85e070845798e7de7cb3feaf091b0e3e9a0a89c
  • SSDEEP: 6144:t1CnJZMQdrhDNwdkDKtriRty2fSBrjhV8MXhmnEC/rFGRuMF/UACURCa:t1M8kDKtre/qnrxmEC/xGnBoa

Targets

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
