General

Target: robloxcheat.exe
Size: 10.3MB
Sample: 240603-gyfwasfe28
MD5: 190787072f456e49fc896eb834d8f89c
SHA1: 45cfdefffa4052eb2a309edfda5ff82009bba4c6
SHA256: 008a3e59a8808ebf160a51a6dd62f693c904ba28a6af8cba04f457017d3eff26
SHA512: bc0f885970479fc348c354e15208aa3f4ca7b2bde923b918ac297ddf7eda838284a7af3728e8a4ab6e40f0d28ca72f0e1087fc53b9107b85c32a60cd8615c471
SSDEEP: 196608:nhGg7EkfcdoBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfRXQfkKoXKh:BEkfc6q1+TtIiFUY9Z8D8CcldlZgUXKh
Malware Config

Targets

Target: robloxcheat.exe (10.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Behaviours observed for this target:

- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
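The file hashes above are the only indicators this report gives that can be matched exactly, so the practical follow-up is a hash sweep of a host or a file share. The script below is an added example written for this page, not tooling from the sandbox that produced the report. It carries the report's MD5/SHA1/SHA256/SHA512 values verbatim, validates that they are well-formed hex, hashes files in a single streaming pass (so a 10 MB sample is not read into memory four times), and reports which algorithms matched. SSDEEP is omitted because the standard library has no fuzzy-hash implementation; the `walk()` helper and the command-line entry point are the example's own additions.

```python
import hashlib
import io
import os
import sys
from typing import Dict, Iterable, List, Tuple

# Hashes copied from the report for robloxcheat.exe.
REPORT_IOCS: Dict[str, str] = {
    "md5": "190787072f456e49fc896eb834d8f89c",
    "sha1": "45cfdefffa4052eb2a309edfda5ff82009bba4c6",
    "sha256": "008a3e59a8808ebf160a51a6dd62f693c904ba28a6af8cba04f457017d3eff26",
    "sha512": (
        "bc0f885970479fc348c354e15208aa3f4ca7b2bde923b918ac297ddf7eda8382"
        "84a7af3728e8a4ab6e40f0d28ca72f0e1087fc53b9107b85c32a60cd8615c471"
    ),
}

# Expected hex-digest lengths per algorithm; used to catch truncated or mistyped IOCs.
HEX_LENGTHS: Dict[str, int] = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs: Dict[str, str]) -> List[str]:
    """Return the names of IOC entries that are not lowercase hex of the right length."""
    bad = []
    for algo, digest in iocs.items():
        expected = HEX_LENGTHS.get(algo)
        well_formed = (
            expected is not None
            and len(digest) == expected
            and all(c in "0123456789abcdef" for c in digest)
        )
        if not well_formed:
            bad.append(algo)
    return bad


def digest_stream(fileobj, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a binary stream once, feeding every chunk to all four algorithms."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used for testing with constructed input)."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Return the algorithms whose computed digest equals the report value."""
    return sorted(
        algo for algo, digest in digests.items()
        if iocs.get(algo, "").lower() == digest
    )


def sweep(paths: Iterable[str], iocs: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """Hash each path and collect (path, matched_algorithms) for every hit.

    Unreadable paths (missing, permission denied, directories) are skipped rather
    than aborting the sweep, since a triage run over a whole host will meet plenty.
    """
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as f:
                digests = digest_stream(f)
        except OSError:
            continue
        matched = match_iocs(digests, iocs)
        if matched:
            hits.append((path, matched))
    return hits


def walk(root: str) -> Iterable[str]:
    """Yield every regular file under root (hypothetical helper for the CLI below)."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            yield os.path.join(dirpath, name)


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>
    bad = validate_iocs(REPORT_IOCS)
    if bad:
        sys.exit(f"malformed IOC entries: {bad}")
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algos in sweep(walk(root), REPORT_IOCS):
        print(f"MATCH {path} ({', '.join(algos)})")
```

A match on any single algorithm is reported rather than requiring all four, because a report or a ticket often carries only one of them; a file that matches SHA256 but not MD5 would indicate a transcription error in the IOC set rather than a different file, and is worth seeing.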