4516b047f0e42c7da52071c388602ca575af53944d869aee5e687ce6eefe6f84 | Triage

Sharing

General

Target

RobloxPlayerLauncher.exe
Size

884KB
Sample

240620-ffbm7azbrd
MD5

e08730e0e3ee36a477cda966403acd1a
SHA1

9cbdb2886acd340c11cb70235655192605e72fd6
SHA256

4516b047f0e42c7da52071c388602ca575af53944d869aee5e687ce6eefe6f84
SHA512

958324fdd4fc82cda708f58de058767f309d6df50f9746738f62187bd932b71eb1d20869ff62dc7237ce9bcd8afdd6386c2b5c16734e304c5fad347b695da715
SSDEEP

12288:Vc7BKHlWKdQ10neuMpsUhRF55g+BqeWaTsS+6bS+EMDk7l:Vc7C1Q10neuUsUhRFjCaTU6W+EMDk7

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Malware Config

Targets

- Target
  
  RobloxPlayerLauncher.exe
- Size
  
  884KB
- MD5
  
  e08730e0e3ee36a477cda966403acd1a
- SHA1
  
  9cbdb2886acd340c11cb70235655192605e72fd6
- SHA256
  
  4516b047f0e42c7da52071c388602ca575af53944d869aee5e687ce6eefe6f84
- SHA512
  
  958324fdd4fc82cda708f58de058767f309d6df50f9746738f62187bd932b71eb1d20869ff62dc7237ce9bcd8afdd6386c2b5c16734e304c5fad347b695da715
- SSDEEP
  
  12288:Vc7BKHlWKdQ10neuMpsUhRF55g+BqeWaTsS+6bS+EMDk7l:Vc7C1Q10neuUsUhRFjCaTU6W+EMDk7
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationspywarestealertrojan