1ae49c6fb923a28187b2c5722b89c80f41e5e7fe21fcdf6104cba1ec4f326078 | Triage

Sharing

General

Target

version-2f99b302154c4478.rar
Size

144.6MB
Sample

240612-3jbhxsvfna
MD5

0893abede06fbc4e152002adaeb695a5
SHA1

0ac53e2b64868047816888e086b60fd57104e71c
SHA256

1ae49c6fb923a28187b2c5722b89c80f41e5e7fe21fcdf6104cba1ec4f326078
SHA512

c18faa01371ba01e5a4ef79c92a4049b0d5e8c78c93adcfbaf6cb2c1668adce88dface52cf69357fdeb5260b09eace8c742fb5c2523aa619c64ae2a826ce4d8d
SSDEEP

3145728:i9IekcLLdAV5+mxWBDfOKRuyM7JWxurG5XHAyDsTDidXZ1JqffB:HepPda5+NVG2u57MUShH0TDir1Jqx

Score

5^/10

execution

Malware Config

Targets

- Target
  
  version-2f99b302154c4478/RobloxCrashHandler.exe
- Size
  
  6.4MB
- MD5
  
  2a421bc9b343f6d0e5413f60252b9db8
- SHA1
  
  ac7ac745511b5e0f73ce41b3b04dd2bf792e63e5
- SHA256
  
  a3ae84e921f44b2cf1c6d8259dbdd69ba2f04a2a2427830234821821cd040ea0
- SHA512
  
  0dee1063f8414b34e40bd044f46092edf11442407f75b49e267a79a8dde1aa1a73b9905cc95d82c3c7fb66d37add4b85f0ffb95fe39f76c3a1df7ab0cb41880e
- SSDEEP
  
  98304:zU+xjY4vteq+7WyX4JpSOIp33K3+jTv7WGSJ:IuDv/+7WsoSOI1KOjz7WpJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  version-2f99b302154c4478/RobloxPlayerBeta.dll
- Size
  
  17.9MB
- MD5
  
  bd22c42dd4641434cca4dd7c5c06aa90
- SHA1
  
  5b05fbe688bafe4ebbe8cc25bf0cc8d8d4226a46
- SHA256
  
  e9e0a55fd4045da2d5775210bc5a603c088b9dde281f5b209356063d2b948e29
- SHA512
  
  defaf7db4a3c9351bf069308d1d569796b270b346987e6865c8036cc65c0971f27b5ab28a21b7c5dc153e8df0a51464a7b9a0bdeeb21fb8b8700fd3f870ead26
- SSDEEP
  
  393216:bwNeFWa19QV3/20NnCGJZ4cO3ROSx39BJFTdNsd:bw4FWa19U3/20NnCcZ4cYROSx39BJFTO
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  version-2f99b302154c4478/RobloxPlayerBeta.exe
- Size
  
  87.1MB
- MD5
  
  9df96115b99e6b6e4b7a27e8810032de
- SHA1
  
  9a40772189129e2c782ffe9d024cfd69310b488d
- SHA256
  
  cf9c3426724b5219949d59cda4fab86294ad95769562cf882a6d31f97501a607
- SHA512
  
  906400f9d76b2717b653c4e054db5e91bd4a0e70584f21447b8ccbc8a9b176fc48247affd05c4543185842dbed93b93bff928b59aea4b94b6a7afa0b88d6ec48
- SSDEEP
  
  1572864:Tf2eZ40m1pCicEYeqhHF8kxd7Q6870H7kPwwrEBjxUUn6nRdYgx:TdxIpCiFu5F8kxJJG0H4Pw0EBjxNu
Score

5^/10
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  version-2f99b302154c4478/WebView2Loader.dll
- Size
  
  154KB
- MD5
  
  577f05cd683ed0577f6c970ea57129e0
- SHA1
  
  aedf54a8976f0f8ff5588447c344595e3c468925
- SHA256
  
  7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf
- SHA512
  
  2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047
- SSDEEP
  
  3072:R8AhKsY0iHlDhvlUQN2gWNZ6hVThFEtqQbucPqAJwU:usY0+lNv6E2JYEtzbuuV
Score

1^/10
behavioral7 behavioral8
- Target
  
  version-2f99b302154c4478/content/configs/PerformanceConfigs/rofiler.js
- Size
  
  187KB
- MD5
  
  7b046e713e60c8848a954f38e02ea8d8
- SHA1
  
  cc0ae7e83052ceec5c8760e0c01124d808e44f3d
- SHA256
  
  56486fdb35025d52d0377f22d2c3c8c710e381ab0bdab5bec9f0e75a03110745
- SHA512
  
  be9e11027e79c50fb0c73decf0890fbc4d3705a7e4414f988ae5b315b9ff87d42e6624438762da785a8e46df02cdbce7c2f26c36a7c47eb2f0b06ce2486b2c5f
- SSDEEP
  
  1536:W67qZqvW5YkfrsvdOLiW1EmJAzOAME8/VaNCOzgdMJi8ig5V0WnkHJzTYtg2wNWF:WNZ15oW1Ej1iwtgfWawTJnP7R
Score

3^/10

execution
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10