General
Target: RobloxPlayerInstaller (5).exe
Size: 176KB
Sample: 240625-awg71szhpc
MD5: b0c9e6677fecf10fc3f0ce262a1ad331
SHA1: d45c158a7685f37b0aa862c7fa898ec9cedf02c3
SHA256: bfe077d8ac72747c71c4983541bfb6b776799512b375eed68821f2e39bd175a7
SHA512: d0f53afcfdaf5732a135b2f86de15bf10a400432d65203529f326976415f0d0ab42b63b062037217dfafa456a367d043a16db67a82f8798adaf492f6d659d2ed
SSDEEP: 3072:MRq9GPmn8jbK55fWgQoq/FfmDo7VHkkkkkkkkkkkkkkkkkakkRkkAjiAL+dU6VD6:voPA8jbEl5idPxHkkkkkkkkkkkkkkkkT
Malware Config (extracted)
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2:
- 127.0.0.1:80
- 127.0.0.1:21434
- mcdonaldsincorp-21434.portmap.host:80
- mcdonaldsincorp-21434.portmap.host:21434
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: true
install_file: RobloxPlayerBeta.exe
install_folder: %AppData%
Targets
Target: RobloxPlayerInstaller (5).exe (176KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2