General

  • Target

    Roblox Executor.exe

  • Size

    231KB

  • Sample

    240518-v6peasfc36

  • MD5

    5b89a3d1ad450da99b67aaa3317cefaa

  • SHA1

    f7256fd6c764d20859b44f9d956a0bd11a2e47a4

  • SHA256

    7e0b011691401cfc5a7baf2ec11766fc3556f9ec3c30ad58f321d0aa61dc6f1f

  • SHA512

    ba3cc155768e48af1add8ffc43fc4e32d0580feaba50f6e621208a83a508a64f54fa4109d907970c24129c20fef92315a536a77b18ad34d23d77901b3b62f9de

  • SSDEEP

    6144:xloZMNrIkd8g+EtXHkv/iD4p0edCg/7IUR0STTKhqb8e1mxQi:DoZmL+EP8p0edCg/7IUR0STTKgE

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1220853479430553630/LnW_QRiwz9UPXO5pmFGR-ac2r9RN1VSXvdho_nhVJua1a3grKxdcqqUqmMbclLcaZKZZ

Targets

    • Target

      Roblox Executor.exe

    • Size

      231KB

    • MD5

      5b89a3d1ad450da99b67aaa3317cefaa

    • SHA1

      f7256fd6c764d20859b44f9d956a0bd11a2e47a4

    • SHA256

      7e0b011691401cfc5a7baf2ec11766fc3556f9ec3c30ad58f321d0aa61dc6f1f

    • SHA512

      ba3cc155768e48af1add8ffc43fc4e32d0580feaba50f6e621208a83a508a64f54fa4109d907970c24129c20fef92315a536a77b18ad34d23d77901b3b62f9de

    • SSDEEP

      6144:xloZMNrIkd8g+EtXHkv/iD4p0edCg/7IUR0STTKhqb8e1mxQi:DoZmL+EP8p0edCg/7IUR0STTKgE

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks