General

  • Target

    robloxcheat.exe

  • Size

    10.3MB

  • Sample

    240603-gyfwasfe28

  • MD5

    190787072f456e49fc896eb834d8f89c

  • SHA1

    45cfdefffa4052eb2a309edfda5ff82009bba4c6

  • SHA256

    008a3e59a8808ebf160a51a6dd62f693c904ba28a6af8cba04f457017d3eff26

  • SHA512

    bc0f885970479fc348c354e15208aa3f4ca7b2bde923b918ac297ddf7eda838284a7af3728e8a4ab6e40f0d28ca72f0e1087fc53b9107b85c32a60cd8615c471

  • SSDEEP

    196608:nhGg7EkfcdoBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfRXQfkKoXKh:BEkfc6q1+TtIiFUY9Z8D8CcldlZgUXKh

Malware Config

Targets

    • Target

      robloxcheat.exe

    • Size

      10.3MB

    • MD5

      190787072f456e49fc896eb834d8f89c

    • SHA1

      45cfdefffa4052eb2a309edfda5ff82009bba4c6

    • SHA256

      008a3e59a8808ebf160a51a6dd62f693c904ba28a6af8cba04f457017d3eff26

    • SHA512

      bc0f885970479fc348c354e15208aa3f4ca7b2bde923b918ac297ddf7eda838284a7af3728e8a4ab6e40f0d28ca72f0e1087fc53b9107b85c32a60cd8615c471

    • SSDEEP

      196608:nhGg7EkfcdoBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfRXQfkKoXKh:BEkfc6q1+TtIiFUY9Z8D8CcldlZgUXKh

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks