General
Target: Roblox Executor.exe
Size: 231KB
MD5: 5b89a3d1ad450da99b67aaa3317cefaa
SHA1: f7256fd6c764d20859b44f9d956a0bd11a2e47a4
SHA256: 7e0b011691401cfc5a7baf2ec11766fc3556f9ec3c30ad58f321d0aa61dc6f1f
SHA512: ba3cc155768e48af1add8ffc43fc4e32d0580feaba50f6e621208a83a508a64f54fa4109d907970c24129c20fef92315a536a77b18ad34d23d77901b3b62f9de
SSDEEP: 6144:xloZMNrIkd8g+EtXHkv/iD4p0edCg/7IUR0STTKhqb8e1mxQi:DoZmL+EP8p0edCg/7IUR0STTKgE
Malware Config
Extracted family: umbral
Webhook URL: https://discord.com/api/webhooks/1220853479430553630/LnW_QRiwz9UPXO5pmFGR-ac2r9RN1VSXvdho_nhVJua1a3grKxdcqqUqmMbclLcaZKZZ
Signatures
Detect Umbral payload (1 IoC)
resource: yara_rule sample family_umbral (Umbral family)
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Roblox Executor.exe
Files
Roblox Executor.exe.exe (windows:4 windows x86 arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ