0e774f8533566b6221fdd374f4f6f30551f4e6aeb4848521445d15158f029855 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...1).exe

windows11-21h2-x64

6

RobloxPlay...1).exe

android-13-x64

RobloxPlay...1).exe

ubuntu-24.04-amd64

Sharing

General

Target

RobloxPlayerInstaller (1).exe
Size

4.5MB
Sample

240601-xqvx9abh8z
MD5

c9c89a5180728704d9fc8b10fcfa5124
SHA1

6eb7edac4c879645641394eb20db3cf707019b47
SHA256

0e774f8533566b6221fdd374f4f6f30551f4e6aeb4848521445d15158f029855
SHA512

98fbac35cbfff889ffb7a9b26684aee196237a54a9548285c233c2abf0a6a1f7588eb28d166a3a32e103f974418a7e75477cc699e5f0c8e3e290916b44ffc220
SSDEEP

98304:Smvn+iSkszLaY6ZZBrKv0Log5yGj06VuXJ+2npsbLfNzt:P+iBsGZ7KngtE+YK3fdt

Score

6^/10

adware android discovery evasion linux persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller (1).exe

Resource

win11-20240508-en

adware discovery evasion persistence stealer trojan

windows11-21h2-x64

26 signatures

1800 seconds

Behavioral task

behavioral2

Sample

RobloxPlayerInstaller (1).exe

Resource

android-33-x64-arm64-20240514-en

android-13-x64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

RobloxPlayerInstaller (1).exe

Resource

ubuntu2404-amd64-20240523-en

ubuntu-24.04-amd64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller (1).exe
- Size
  
  4.5MB
- MD5
  
  c9c89a5180728704d9fc8b10fcfa5124
- SHA1
  
  6eb7edac4c879645641394eb20db3cf707019b47
- SHA256
  
  0e774f8533566b6221fdd374f4f6f30551f4e6aeb4848521445d15158f029855
- SHA512
  
  98fbac35cbfff889ffb7a9b26684aee196237a54a9548285c233c2abf0a6a1f7588eb28d166a3a32e103f974418a7e75477cc699e5f0c8e3e290916b44ffc220
- SSDEEP
  
  98304:Smvn+iSkszLaY6ZZBrKv0Log5yGj06VuXJ+2npsbLfNzt:P+iBsGZ7KngtE+YK3fdt
Score

6^/10

adware discovery evasion persistence stealer trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencestealertrojan

behavioral2

behavioral3

© 2018-2024

Terms | Privacy