General
Target: RobloxPlayerInstaller (5).exe
Size: 176KB
Sample: 240625-a1q1qa1bqa
MD5: b0c9e6677fecf10fc3f0ce262a1ad331
SHA1: d45c158a7685f37b0aa862c7fa898ec9cedf02c3
SHA256: bfe077d8ac72747c71c4983541bfb6b776799512b375eed68821f2e39bd175a7
SHA512: d0f53afcfdaf5732a135b2f86de15bf10a400432d65203529f326976415f0d0ab42b63b062037217dfafa456a367d043a16db67a82f8798adaf492f6d659d2ed
SSDEEP: 3072:MRq9GPmn8jbK55fWgQoq/FfmDo7VHkkkkkkkkkkkkkkkkkakkRkkAjiAL+dU6VD6:voPA8jbEl5idPxHkkkkkkkkkkkkkkkkT
Behavioral task
behavioral1
Sample: RobloxPlayerInstaller (5).exe
Resource: win11-20240419-en
Malware Config
Extracted: asyncrat 1.0.7
Botnet: Default
C2:
- 127.0.0.1:80
- 127.0.0.1:21434
- mcdonaldsincorp-21434.portmap.host:80
- mcdonaldsincorp-21434.portmap.host:21434
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: true
install_file: RobloxPlayerBeta.exe
install_folder: %AppData%
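The extracted config is enough to build both host and network indicators, but two of its values need care: the two 127.0.0.1 entries are the builder's loopback placeholder and will never be contacted from a victim, and port 80 is shared with ordinary HTTP traffic, so neither should become a bare IOC. The following script, an added example rather than anything from the sandbox report, derives the dropped-file path (install_folder resolved to its on-disk suffix plus install_file), filters the C2 list, and runs the result over a handful of constructed Sysmon-style events (process create, DNS query, network connect). The event records and the victim paths in them are made up for the demonstration; the domain suffix check assumes portmap.host is the portmap.io port-forwarding service, whose hostnames an operator can re-register freely.

```python
"""Added example: turn the AsyncRAT config extracted above into IOCs and
match them against Sysmon-style events.  The event records below are
constructed for illustration; they are not taken from the sandbox run."""
import ipaddress
import re

# Values copied from the report's "Malware Config" section.
CONFIG = {
    "family": "asyncrat",
    "version": "1.0.7",
    "c2": [
        "127.0.0.1:80",
        "127.0.0.1:21434",
        "mcdonaldsincorp-21434.portmap.host:80",
        "mcdonaldsincorp-21434.portmap.host:21434",
    ],
    "mutex": "DcRatMutex_qwqdanchun",
    "install_file": "RobloxPlayerBeta.exe",
    "install_folder": "%AppData%",
}

# How the install_folder token resolves on Windows, kept as a path suffix so
# the user name does not matter when matching.
ENV_FOLDERS = {"%AppData%": r"\AppData\Roaming"}


def parse_c2(entries):
    """Split host:port strings.  Loopback hosts are kept but marked
    non-routable: 127.0.0.1 is the builder's placeholder and is never
    reached from a victim, so it must not become a network IOC."""
    parsed = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        try:
            routable = not ipaddress.ip_address(host).is_loopback
        except ValueError:          # a hostname, not an IP literal
            routable = True
        parsed.append({"host": host.lower(), "port": int(port), "routable": routable})
    return parsed


def install_path_regex(cfg):
    """Regex for the dropped copy: <resolved install_folder>\\<install_file>,
    anchored at the end of the path and case-insensitive like NTFS."""
    folder = ENV_FOLDERS.get(cfg["install_folder"], cfg["install_folder"])
    return re.compile(re.escape(folder + "\\" + cfg["install_file"]) + r"$", re.IGNORECASE)


def scan_events(events, cfg=CONFIG):
    """Return (rule, detail) hits for Sysmon event IDs 1 (process create),
    3 (network connect) and 22 (DNS query)."""
    c2 = [c for c in parse_c2(cfg["c2"]) if c["routable"]]
    c2_hosts = {c["host"] for c in c2}
    c2_ports = {c["port"] for c in c2}
    path_re = install_path_regex(cfg)
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        from_implant = bool(path_re.search(image))
        if ev["EventID"] == 1 and from_implant:
            hits.append(("install_file_executed", image))
        elif ev["EventID"] == 22:
            name = ev.get("QueryName", "").lower()
            # Any *.portmap.host lookup is worth a look: the service maps a
            # public hostname to a port on the operator's machine, and the
            # operator can re-register under another label at will (assumption
            # about the service, see lead-in).
            if name in c2_hosts or name.endswith(".portmap.host"):
                hits.append(("c2_dns", name))
        elif ev["EventID"] == 3:
            dest = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            # Port 80 is in the config, so a bare port match would flag every
            # HTTP session; require the configured host or the implant image.
            if dest in c2_hosts or (port in c2_ports and from_implant):
                hits.append(("c2_connection", f'{ev["DestinationIp"]}:{port}'))
    return hits


# Constructed Sysmon-style events (hypothetical victim paths and addresses).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\RobloxPlayerBeta.exe"},
    # Same file name under a different folder: must not match the dropped copy.
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Roblox\RobloxPlayerBeta.exe"},
    {"EventID": 22, "Image": r"C:\Users\victim\AppData\Roaming\RobloxPlayerBeta.exe",
     "QueryName": "mcdonaldsincorp-21434.portmap.host"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\RobloxPlayerBeta.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 21434, "DestinationHostname": ""},
    # Ordinary browser traffic on port 80: shares a configured port, no hit.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 80, "DestinationHostname": ""},
]

if __name__ == "__main__":
    for rule, detail in scan_events(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Run as-is it reports three hits: the dropped copy executing from %AppData%, the DNS lookup of the portmap.host name, and the connection on 21434 from that process; the look-alike path under AppData\Local and the browser's port-80 session are not reported. The mutex name is not used here because Sysmon does not record mutex creation; it remains a live-host check (object handle listing) rather than a log-based one.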
Targets
Target: RobloxPlayerInstaller (5).exe (176KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Async RAT payload
- Executes dropped EXE
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
- Command and Scripting Interpreter (1)
- Scheduled Task/Job: Scheduled Task (1)
Persistence
- Event Triggered Execution: Netsh Helper DLL (1)
- Scheduled Task/Job: Scheduled Task (1)