586adc8fe02d5ac562fbc338df3555732d9d0b77db7cad306aadec22447ce6f8 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows7-x64

6

RobloxPlay...er.exe

windows10-2004-x64

6

Sharing

General

Target

RobloxPlayerInstaller.exe
Size

5.3MB
Sample

240530-zyvzbshh3t
MD5

666f69bae6e56a62b7af6cb8496f677f
SHA1

ae052de936deeebe5fb8d8c059eb84fa38707c4d
SHA256

586adc8fe02d5ac562fbc338df3555732d9d0b77db7cad306aadec22447ce6f8
SHA512

ee479171bf4dbc0b7d690202e0a6c09ba88cac1a1a34e4f115c9d0c65f1ca752cf3d180d6047fa1066da933a48e8cac070d4f1dceec8abfd8ee1ab3590ff50ee
SSDEEP

98304:TYvoKhqqe2nun4wPPPJ+epgFnve4ryC+zEG1O1uFf:EZhPDMH3hgpQCkE6wKf

Score

6^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller.exe

Resource

win7-20240221-en

discovery evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

RobloxPlayerInstaller.exe

Resource

win10v2004-20240508-en

discovery evasion persistence trojan

windows10-2004-x64

33 signatures

150 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller.exe
- Size
  
  5.3MB
- MD5
  
  666f69bae6e56a62b7af6cb8496f677f
- SHA1
  
  ae052de936deeebe5fb8d8c059eb84fa38707c4d
- SHA256
  
  586adc8fe02d5ac562fbc338df3555732d9d0b77db7cad306aadec22447ce6f8
- SHA512
  
  ee479171bf4dbc0b7d690202e0a6c09ba88cac1a1a34e4f115c9d0c65f1ca752cf3d180d6047fa1066da933a48e8cac070d4f1dceec8abfd8ee1ab3590ff50ee
- SSDEEP
  
  98304:TYvoKhqqe2nun4wPPPJ+epgFnve4ryC+zEG1O1uFf:EZhPDMH3hgpQCkE6wKf
Score

6^/10

discovery evasion persistence trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy