General
Target: RobloxPlayerInstaller.exe
Size: 5.3MB
Sample: 240524-r2zspahg89
MD5: f8abc05327115c321307efaf662498bb
SHA1: 4d848adb9b0a5b278f97f75fa125145dcbffd572
SHA256: c89eda2b48317bd4da398d59213d86afa0c06034cab5e3ea5df5865e369d2a0f
SHA512: a6b70331ad553645cd82edc5f6bfa50b4bb16bfc2443469c7eb1ff79e6b4a246cfd7de0691da400777651529a2bca20311645a763dffbf7e10cc4334ab074ae4
SSDEEP: 98304:UQviMiwd+WcstpBagkqJE6KFgKqkMnb18/KCmJxNE0iWu2oC:/F++7nKgfNCyEvWcC

Static task: static1

Malware Config
Targets
Target: RobloxPlayerInstaller.exe
Size: 5.3MB
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger