General
-
Target
RobloxPlayerLauncher.exe
-
Size
5.7MB
-
Sample
240529-shnfzsaa6s
-
MD5
938199ca646378b696716037afc964ba
-
SHA1
2d865bfeccf3badef2f64e5d6453e6ab71d5f5a7
-
SHA256
2acc3e0879e4a71a6b08e2d6af7b238198d2eda73518b9394d82d00b010c9d7e
-
SHA512
1a37727c5dfaffa3023845592b400acc226face537176064698b8415d79284b6276fe68bf0e5870dc8898a846f923bd95eaac1d185613759ad6ca1068456b322
-
SSDEEP
98304:/gvtZLOEVA+Wg9S5S6biBgjKzK4LrJgrWteDRCZGFy8JsuWb:A7KEKnm9K8grTCMywsZ
Malware Config
Targets
-
-
Target
RobloxPlayerLauncher.exe
-
Size
5.7MB
-
MD5
938199ca646378b696716037afc964ba
-
SHA1
2d865bfeccf3badef2f64e5d6453e6ab71d5f5a7
-
SHA256
2acc3e0879e4a71a6b08e2d6af7b238198d2eda73518b9394d82d00b010c9d7e
-
SHA512
1a37727c5dfaffa3023845592b400acc226face537176064698b8415d79284b6276fe68bf0e5870dc8898a846f923bd95eaac1d185613759ad6ca1068456b322
-
SSDEEP
98304:/gvtZLOEVA+Wg9S5S6biBgjKzK4LrJgrWteDRCZGFy8JsuWb:A7KEKnm9K8grTCMywsZ
Score8/10-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-