Overview

Overall score: 10/10

Task                     Platform            Score
Static                   -                   3/10
RobuxGiver/Giver.jar     windows7-x64        10/10
RobuxGiver/Giver.jar     windows10-2004-x64  1/10
RobuxGiver...sh.dll      windows7-x64        1/10
RobuxGiver...sh.dll      windows10-2004-x64  1/10
RobuxGiver/Run.bat       windows7-x64        10/10
RobuxGiver/Run.bat       windows10-2004-x64  10/10
RobuxGiver...ct.dll      windows7-x64        1/10
RobuxGiver...ct.dll      windows10-2004-x64  1/10
Accessibility.dll        windows7-x64        1/10
Accessibility.dll        windows10-2004-x64  1/10
RB.dll                   windows7-x64        1/10
RB.dll                   windows10-2004-x64  1/10
api-ms-win...-0.dll      windows10-2004-x64  3/10
api-ms-win...-0.dll      windows10-2004-x64  3/10
api-ms-win...-0.dll      windows10-2004-x64  1/10
api-ms-win...-0.dll      windows10-2004-x64  1/10
api-ms-win...-0.dll      windows10-2004-x64  1/10
api-ms-win...-1.dll      windows10-2004-x64  3/10
RobuxGiver...ty.dll      windows7-x64        1/10
RobuxGiver...ty.dll      windows10-2004-x64  1/10
RobuxGiver...RB.dll      windows7-x64        1/10
RobuxGiver...RB.dll      windows10-2004-x64  1/10
RobuxGiver...AR.exe      windows7-x64        3/10
RobuxGiver...AR.exe      windows10-2004-x64  3/10
RobuxGiver...-0.dll      windows7-x64        1/10
RobuxGiver...-0.dll      windows10-2004-x64  1/10
RobuxGiver...-0.dll      windows7-x64        1/10
RobuxGiver...-0.dll      windows10-2004-x64  1/10
RobuxGiver...-0.dll      windows7-x64        1/10
RobuxGiver...-0.dll      windows10-2004-x64  1/10
RobuxGiver...-0.dll      windows7-x64        1/10
RobuxGiver...-0.dll      windows10-2004-x64  1/10

General
- Target: RobuxGiver.zip
- Size: 69.9MB
- Sample: 240708-mgrjcsvbnj
- MD5: 14a76f1fbd3829471ab5387a06d82753
- SHA1: fca74b2fe85d294830d64ad0e769d0d9b9d97832
- SHA256: 3c3ae074efc209a63f628f55b07eaf7c605dbbf5d0025419d78d42ec3488dbb6
- SHA512: fbb2da96ed9e4dee7228af943d07387ad710fd4a0262009509d04d0bec7fdfdfdc238cfe9ca024baf5df2dd33ae69c1ce3ee058d6295709a2b9b2ba553c55813
- SSDEEP: 1572864:PRDm7pl/94Y93gb+1VAP4YrA2y5AnCZVr2:PRq+w3E+1VwaWz
Static task
- static1

Behavioral tasks
- behavioral1: RobuxGiver/Giver.jar (resource win7-20240220-en)
- behavioral2: RobuxGiver/Giver.jar (resource win10v2004-20240704-en)
- behavioral3: RobuxGiver/Refresh.dll (resource win7-20240704-en)
- behavioral4: RobuxGiver/Refresh.dll (resource win10v2004-20240704-en)
- behavioral5: RobuxGiver/Run.bat (resource win7-20240705-en)
- behavioral6: RobuxGiver/Run.bat (resource win10v2004-20240704-en)
- behavioral7: RobuxGiver/connect.dll (resource win7-20240704-en)
- behavioral8: RobuxGiver/connect.dll (resource win10v2004-20240704-en)
- behavioral9: Accessibility.dll (resource win7-20240704-en)
- behavioral10: Accessibility.dll (resource win10v2004-20240704-en)
- behavioral11: RB.dll (resource win7-20240220-en)
- behavioral12: RB.dll (resource win10v2004-20240704-en)
- behavioral13: api-ms-win-base-util-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral14: api-ms-win-core-com-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral15: api-ms-win-core-comm-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral16: api-ms-win-core-console-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral17: api-ms-win-core-datetime-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral18: api-ms-win-core-datetime-l1-1-1.dll (resource win10v2004-20240704-en)
- behavioral19: RobuxGiver/natives/Accessibility.dll (resource win7-20240704-en)
- behavioral20: RobuxGiver/natives/Accessibility.dll (resource win10v2004-20240704-en)
- behavioral21: RobuxGiver/natives/RB.dll (resource win7-20240220-en)
- behavioral22: RobuxGiver/natives/RB.dll (resource win10v2004-20240704-en)
- behavioral23: RobuxGiver/natives/UnRAR.exe (resource win7-20240704-en)
- behavioral24: RobuxGiver/natives/UnRAR.exe (resource win10v2004-20240704-en)
- behavioral25: RobuxGiver/natives/api-ms-win-base-util-l1-1-0.dll (resource win7-20240221-en)
- behavioral26: RobuxGiver/natives/api-ms-win-base-util-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral27: RobuxGiver/natives/api-ms-win-core-com-l1-1-0.dll (resource win7-20240704-en)
- behavioral28: RobuxGiver/natives/api-ms-win-core-com-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral29: RobuxGiver/natives/api-ms-win-core-comm-l1-1-0.dll (resource win7-20240705-en)
- behavioral30: RobuxGiver/natives/api-ms-win-core-comm-l1-1-0.dll (resource win10v2004-20240704-en)
- behavioral31: RobuxGiver/natives/api-ms-win-core-console-l1-1-0.dll (resource win7-20240705-en)
- behavioral32: RobuxGiver/natives/api-ms-win-core-console-l1-1-0.dll (resource win10v2004-20240704-en)
Malware Config

Extracted:
- https://drive.usercontent.google.com/u/0/uc?id=1x3Qsl0ip2snOsNAYvLibF9vZtml1AeI9&export=download

Extracted:
- Family: redline
- Botnet: GameTrash
- C2: 213.219.199.48:1912
Targets

Target: RobuxGiver/Giver.jar
- Size: 36.6MB
- MD5: 1bc56c1c09bb5d108365c0992291f5c6
- SHA1: 7c47e8db8b527b256520499033f0c39ab2fee449
- SHA256: 15788f4491bbaefd419c7a152a2ce35e59ad827218260a10430a2fcf23e30cf6
- SHA512: a283f96cc878a88125cdb1e959f17044ddcb4031e566f4a3273012e4cbfc568004b2a25c54896b104fe0ede950193b518f6be283de260679871e8860ea88c86d
- SSDEEP: 786432:J67l/W65D0Dspv3aagZb+1VBy3W8B4YrA2ysrjAAi81iVZV6zihX1:el/94Y93gb+1VAP4YrA2y5AnCZVrf

Signatures:
- XMRig Miner payload
- Blocklisted process makes network request
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: RobuxGiver/Refresh.dll
- Size: 7.4MB
- MD5: e669283790077343477be2e0a7578891
- SHA1: 5b6e41b930aedcc1f6ccd9301448e6c0eacc1315
- SHA256: b11625c73e8ef0f76058b2ef7d7f09dc3453988eba227e9d7b2310eea923d7a9
- SHA512: f81376c9727614d12a1825c71b93024ff9659822f6dc8f660277e85467081e1755ced1e53241d6009b09214c5f7fd0cfab47383bb6a42077757b0bd1cd2fa71b
- SSDEEP: 98304:8mg7qz9u16T8R2y1fUv50DKKNUqGX1Y5l533y9SSFr32W3:8vqRu16T8RpfSaDKKNUqGX032z3Z3
- Score: 1/10

Target: RobuxGiver/Run.bat
- Size: 133KB
- MD5: cda01b7a38c5168643879c37a603b756
- SHA1: 8e106bdf6faeabc194f94bec498bad28dd6e380b
- SHA256: e52ac9954fd9cf9ec2ada166cdc0ad720efb0e5492ec7422390b4050327f6b85
- SHA512: eb5e074720b0dd72b6998dc2f8aa4f603361077d42fb2b76b912844445db5b58947ab1204e9b7015952a6e284b084452f7d4c4dbe6c54d5e4d128e7370fadfe6
- SSDEEP: 3072:UzU4BgtWtI0Mb4Rp39rixLerYKGM/548phyS0:sTBLO09RLriFerVGQGf

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell: Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: RobuxGiver/connect.dll
- Size: 598KB
- MD5: 9d420367ad9cc9a64abb3070ba056a4d
- SHA1: 56ad1e0143aa5b5860225b6d6e798966822f0ee9
- SHA256: 14e21da9127bfc402072131eb35df9f75541d577c470624db563261290c79571
- SHA512: 507a4aff01b75d786b3cf945cd08a92407369db609ee7ef4c922a15a6db647ce3f0726d5a22911e763c8e1add6b33effee871d543429c9f468766ef56a7e6017
- SSDEEP: 12288:iToJbEjeRbToJbEjeRFToJbEjeRFToJbEjeRFToJbEjeRY:2oJbEjeR3oJbEjeRRoJbEjeRRoJbEjeh
- Score: 1/10

Target: Accessibility.dll
- Size: 30KB
- MD5: cd67df24d44e55f8a39a8ab8c6af5bf8
- SHA1: 1d94109212b75ad006db614ef0379c3eba6f13ea
- SHA256: 507b945cfcb8841d67b1015911f2716515d70c7547f3d73a1efd87e23a1789bd
- SHA512: 242d20e0c7d807696e9e0fd809bd419cf2a746edffecdf74e9a6c7fd78e7920bbab32ad91e1a5cb1576ae89e8d882f84f694e02c58c5122f89b9e582f3db3c21
- SSDEEP: 384:6IW1XfPAzkHn8dlRu98nYsWZbWU9kk5+R9zusw6A8iHRN7YKy50ZSxR9zusgPRvB:6BRca98nYzP1g9zuoAxY50Zi9zuzp
- Score: 1/10

Target: RB.uiu
- Size: 3.2MB
- MD5: 4ec2a06a4c66ab46b6cd2ba048e1e9a2
- SHA1: ee09664e59931bf6659bc70748713701c6d283a4
- SHA256: 92cef33249a372491bb51e8b7c607ac69588f88829ad7561fd2b2b853f6a2ad7
- SHA512: 63b147e8b4b1a436b008f48fb58e3a297cf1bc0182caacb3b414a764642d76cc081ba5836e434f8cd56c02f770bc795aa98186459fd750f1b3a5700645fb32d9
- SSDEEP: 49152:GjmWx8dQMC5C/3T5EDeKxWwN5aFjZDiWEbZaiFOuR:Gjm4CvT5EDeKxW2aFlRpuR
- Score: 1/10

Target: api-ms-win-base-util-l1-1-0.dll
- Size: 11KB
- MD5: b6b9ff41852a816fda2fb19e46b41428
- SHA1: 85a732933c9480f501d4d623a4688500092f5790
- SHA256: 8ad869b6b66f784655f09ef4b2cc2299d26e32e8c93de3b52eb04ba084dfb799
- SHA512: d3a3f4a6118a5d1cd2b961db471bc83ebff8e01f1e60d4e8ce223ad5da62e46b6cc12a56bd6de9a9ebd11fa7f25ed0d2745a65077b11775b0e1364d8f4ae6ad6
- SSDEEP: 192:JWZhWrcCroDBQABJbpF+nasu+JX01k9z3Azs+9Lys:JWZhW6DBRJbpUad+JR9zus+tv
- Score: 3/10

Target: api-ms-win-core-com-l1-1-0.dll
- Size: 16KB
- MD5: 9ad32425879d587f6440787d749d28b5
- SHA1: 6fe77657963a680d605ea43a20dafa38b9a0c840
- SHA256: 1a1c91a02511a5b6c519f62d0c126c663284b70c8c1fac2befa73903358954ea
- SHA512: cdbac27c9b881c012808f6cc836004424e01dda51841040e49c2f5fa5a06fc98d4acc00f7030c7eabc718e1c2033027a5b5ccc681408d57b23fe908fcc34ccda
- SSDEEP: 192:LWjfog5hLYXTAdBEV5TlOX/SUfEWZhWUcCroDBQABJCRZC0pF+nasu+JX01k9z3V:LQ8XBOfEWZhWFDBRJYpUad+JR9zus+wl
- Score: 3/10

Target: api-ms-win-core-comm-l1-1-0.dll
- Size: 12KB
- MD5: b2d6e9d578b9c5133154cf283795be13
- SHA1: 458de064436dcd02eff88af28cd14fcacc80cba5
- SHA256: 81cccf230877808c5c6ede5aa0b1a944cfc167305f36b7261a4b2fbaf4846b3e
- SHA512: 336ff3e8c8163aee6c1603902a7832ab69acaadd350b33ae2fc336ba37f5420d8b5cdfb0fcbb5982e2b9aacec4ef5c642ef6a37a96aff05a5a484f48db4c6303
- SSDEEP: 192:8NWZhWeRpSDBQABJN7DqF9e+X01k9z3AzsJFD4ElVbu:8NWZhWPDBRJle99R9zusX0gVS
- Score: 1/10

Target: api-ms-win-core-console-l1-1-0.dll
- Size: 12KB
- MD5: 51876f5c5a4a18fbff8e49b4098a2837
- SHA1: 5435558aa2b0edbc3dd259a10f18041d5a4a457a
- SHA256: 120245d0362392e14ab0248561c75cba92f9cc633b318454a4ed4c73c260998d
- SHA512: 42a56fe43ce986cd27932520e044aa9ccceec8c8b10f50bb9be3f93d0a7038fbd4a7bd70fa3c63f034133dee81f870f382e67c3b6bf9445545b7d10022b17113
- SSDEEP: 192:3x4x8WZhWrYRpSDBQABJxwks9gICQX01k9z3AF21zHo:h4KWZhWrZDBRJe/P/R9zfW
- Score: 1/10

Target: api-ms-win-core-datetime-l1-1-0.dll
- Size: 12KB
- MD5: 27063ef9884d2e99c4efc23afb82d362
- SHA1: 7d61625a6a4586414663fae9706308304bed2fc9
- SHA256: 7d57238f0552b7c3222af0d92ac876be6bbe750ecea527564ecfe96207b306c7
- SHA512: 22904dd56cfac474587235ba8d1efdd31cebd9ab392f3af5a65901b5f020ddbaa77ad57e2d23e75e349e0f8d2c77dd5daa9e50366d64d9fc5f94c6fe4c916e8b
- SSDEEP: 192:YyWZhWgcCroDBQABJxr3NWGaN4NhrJgX01k9z3AhQCs2RB:YyWZhWBDBRJpsTN4tgR9zatRB
- Score: 1/10

Target: api-ms-win-core-datetime-l1-1-1.dll
- Size: 12KB
- MD5: 0e1ea6efc5c6824c0b0d55ef5b670dec
- SHA1: 589b957ac3bcea9327d75af4b07cb0e8bd158fe5
- SHA256: 7511280e57c23aeea9926476c3fc34da92b7dd261aabc4cd092ed4c9c4869a0d
- SHA512: b2472aefc6eff582905e2d1f95394b3ef687f3041bde07b3be82851402e9265e52a7396e7bba8b7e3a1427563b92d5d0608ed7d93038107e7da9e7b5ff08738b
- SSDEEP: 192:aWZhWtcBRpSDBQABJSXq21eX01k9z3Az7+9t/HjQib:aWZhWuMDBRJSXl8R9ziARHEib
- Score: 3/10

Target: RobuxGiver/natives/Accessibility.dll
- Size: 30KB
- MD5: cd67df24d44e55f8a39a8ab8c6af5bf8
- SHA1: 1d94109212b75ad006db614ef0379c3eba6f13ea
- SHA256: 507b945cfcb8841d67b1015911f2716515d70c7547f3d73a1efd87e23a1789bd
- SHA512: 242d20e0c7d807696e9e0fd809bd419cf2a746edffecdf74e9a6c7fd78e7920bbab32ad91e1a5cb1576ae89e8d882f84f694e02c58c5122f89b9e582f3db3c21
- SSDEEP: 384:6IW1XfPAzkHn8dlRu98nYsWZbWU9kk5+R9zusw6A8iHRN7YKy50ZSxR9zusgPRvB:6BRca98nYzP1g9zuoAxY50Zi9zuzp
- Score: 1/10

Target: RobuxGiver/natives/RB.uiu
- Size: 3.2MB
- MD5: 4ec2a06a4c66ab46b6cd2ba048e1e9a2
- SHA1: ee09664e59931bf6659bc70748713701c6d283a4
- SHA256: 92cef33249a372491bb51e8b7c607ac69588f88829ad7561fd2b2b853f6a2ad7
- SHA512: 63b147e8b4b1a436b008f48fb58e3a297cf1bc0182caacb3b414a764642d76cc081ba5836e434f8cd56c02f770bc795aa98186459fd750f1b3a5700645fb32d9
- SSDEEP: 49152:GjmWx8dQMC5C/3T5EDeKxWwN5aFjZDiWEbZaiFOuR:Gjm4CvT5EDeKxW2aFlRpuR
- Score: 1/10

Target: RobuxGiver/natives/UnRAR.exe
- Size: 494KB
- MD5: 98ccd44353f7bc5bad1bc6ba9ae0cd68
- SHA1: 76a4e5bf8d298800c886d29f85ee629e7726052d
- SHA256: e51021f6cb20efbd2169f2a2da10ce1abca58b4f5f30fbf4bae931e4ecaac99b
- SHA512: d6e8146a1055a59cba5e2aaf47f6cb184acdbe28e42ec3daebf1961a91cec5904554d9d433ebf943dd3639c239ef11560fa49f00e1cff02e11cd8d3506c4125f
- SSDEEP: 6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
- Score: 3/10

Target: RobuxGiver/natives/api-ms-win-base-util-l1-1-0.dll
- Size: 1.2MB
- MD5: 15be12b923012fe94229b2b91520b5b2
- SHA1: 8bbecb00fcd3d42a01939d4b0a02f30a5a34721e
- SHA256: 77c523fcf6d739df0823fd08738e05c876b99b684d882084df78b449c5464c48
- SHA512: 67a85ba2745300d47c0a6e5907b5c5011fc84c3b962163c624c8e36254d6b7ef7d7421f69b7d57d41bdf3c05c62eca4af750b884d340d3a293f54c6a4d066a3f
- SSDEEP: 3072:LDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaDaK:X
- Score: 1/10

Target: RobuxGiver/natives/api-ms-win-core-com-l1-1-0.dll
- Size: 1.6MB
- MD5: cd4209e51836249b2a410758e49cd000
- SHA1: f4c8c4cd1f0075782441e6897e0b12a42fe93c6d
- SHA256: 7b813c00b3002f2689b4d55bd3dbf643adc93aa3e965d094da1e00201427fd27
- SHA512: a9095e3fb08e232b2543707ae28c0a8ba17e473971c87c09412867704407b24e6a6df61bcfe27e5a1e12b822602f5134d4ff2f8d29ba498cb1ce4f55cd021cd4
- SSDEEP: 12288:977777777777777777777777777777777777777777777777777777777777777l:H
- Score: 1/10

Target: RobuxGiver/natives/api-ms-win-core-comm-l1-1-0.dll
- Size: 1.3MB
- MD5: f6cd3a4a45c54a0c7f18a0e75f3afcbe
- SHA1: d0a66c79f815a46d2319538b8f557bfc92c4deba
- SHA256: 850102912c9a2897fca0cf7d143e162f1a7f58bf689a94082b50969f05106d51
- SHA512: ee15055a3adba6704c6313025baad2d69fda2d181f07812c324fa8c21caed1c82612a4cbe57e1e3702850197c787cafa583d47739f2f923e8655bee929c248d2
- SSDEEP: 3072:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK2:U
- Score: 1/10

Target: RobuxGiver/natives/api-ms-win-core-console-l1-1-0.dll
- Size: 11.1MB
- MD5: eaf2a3ab027b941b49fed9a7cb3e55fb
- SHA1: c7b7477879b7f757f98798de813330b9ebbdd23a
- SHA256: 6c442b192f89d1e4c8349b1fb48a4bd8df6b0fdca5ea9ca59c1d8b7ce03d9842
- SHA512: 36efe8bb0c4b361f9bfa809fae819f409cae84b95b4216a3100272ea213e200b803cf7afd625c8393df0f18a41fccb498f8a80635e93e5bd7d062f8d6749f179
- SSDEEP: 6144:6mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmme:h
- Score: 1/10