General
-
Target
RobloxPlayerInstaller (2).exe
-
Size
5.5MB
-
Sample
240627-ykngnazdnk
-
MD5
94740510822524d579f869a81e02f5ea
-
SHA1
0e87d714e9eec2eee7c3af028e8e66e7478a107f
-
SHA256
ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda
-
SHA512
7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24
-
SSDEEP
98304:nrvxPrhl9Tn+HPneE2baWbtglM4pZqmRPRwLuBmBzluav5:zBrhlGnsTgl3RPRnBezlPv5
Static task
static1
Behavioral task
behavioral1
Sample
RobloxPlayerInstaller (2).exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
RobloxPlayerInstaller (2).exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
RobloxPlayerInstaller (2).exe
-
Score
8/10
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-