e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows11-21h2-x64

6

Resubmissions

20/05/2024, 03:24

240520-dyjemsab6z 6

19/05/2024, 10:50

240519-mxpppseg27 6

19/05/2024, 10:40

240519-mqs4jsee22 6

Sharing

Copy URL Twitter E-mail

General

Target

RobloxPlayerInstaller.exe
Size

5.3MB
Sample

240519-mxpppseg27
MD5

a2f58a117c60b1622eede88d2163ef19
SHA1

91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631
SHA256

e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04
SHA512

19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f
SSDEEP

98304:puvAHeOV2xXx55gW2BhU3pwgfC3WhMgKCT5Pl72nzuk:kpOcxkBxgf0CRlaz5

Score

6^/10

discovery evasion execution persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win11-20240419-en

discovery evasion execution persistence trojan

windows11-21h2-x64

35 signatures

1800 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  5.3MB
- MD5
  
  a2f58a117c60b1622eede88d2163ef19
- SHA1
  
  91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631
- SHA256
  
  e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04
- SHA512
  
  19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f
- SSDEEP
  
  98304:puvAHeOV2xXx55gW2BhU3pwgfC3WhMgKCT5Pl72nzuk:kpOcxkBxgf0CRlaz5
Score

6^/10

discovery evasion execution persistence trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Sets file execution options in registry
  persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionpersistencetrojan

© 2018-2025

Terms | Privacy