General

  • Target

    Roblox Condo Uploader.exe

  • Size

    103.4MB

  • Sample

    240726-xlbc2sxhmn

  • MD5

    e5d5c406a8f0f4fa4dfd74938c70c886

  • SHA1

    64d4721d921000c750db605d9b29bf5ce1d7ab19

  • SHA256

    9f91b73ff38fa7a22f016befc8c72d44f77f5410ec2d22533be165b3bfb55f14

  • SHA512

    c7b3de1a73e0e229bd343899694ab47d6d9e901de0db3cf39b4ba210a41612ce22f713efd611faf05e57e939d96cb1d4d84a20bf89902340745905df6230c964

  • SSDEEP

    3145728:iCOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBW1Ms9U:ggSWNaIsHCiH1XcBWz

Malware Config

Targets

    • Target

      Roblox Condo Uploader.exe

    • Size

      103.4MB

    • MD5

      e5d5c406a8f0f4fa4dfd74938c70c886

    • SHA1

      64d4721d921000c750db605d9b29bf5ce1d7ab19

    • SHA256

      9f91b73ff38fa7a22f016befc8c72d44f77f5410ec2d22533be165b3bfb55f14

    • SHA512

      c7b3de1a73e0e229bd343899694ab47d6d9e901de0db3cf39b4ba210a41612ce22f713efd611faf05e57e939d96cb1d4d84a20bf89902340745905df6230c964

    • SSDEEP

      3145728:iCOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBW1Ms9U:ggSWNaIsHCiH1XcBWz

    • Enumerates VirtualBox DLL files

      Looks for VirtualBox guest DLLs on disk, a check for whether the sample is running inside a virtual machine or sandbox.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped components are not scanned.

    • Downloads MZ/PE file

    • Sets file to hidden

      Sets the hidden file attribute so the file is not shown in Explorer with default settings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a Run registry key so the program is launched again at logon (persistence).

    • Legitimate hosting services abused for malware hosting/C2
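How a detection engineer might flag the Defender-exclusion behaviour listed above in PowerShell telemetry, as an added example that is not part of the report and not code from the sample. It scans constructed script-block text (what Event ID 4104 would carry) and process command lines for Add-MpPreference / Set-MpPreference calls that add ExclusionPath, ExclusionExtension or ExclusionProcess entries, and handles two cheap evasions: backtick-split names and -EncodedCommand. The cmdlet names and every input line are assumptions; the report only states that PowerShell was used to add exclusions and does not show the command.

```python
"""Detect Windows Defender exclusion tampering in PowerShell telemetry.

Added example, not from the sandbox report. Inputs are constructed and do not
come from the analysed sample.
"""
import base64
import re

# Constructed telemetry. The -EncodedCommand payload is built here so the
# base64 is exact; PowerShell expects UTF-16LE under the encoding.
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionExtension ".exe",".dll"'.encode("utf-16-le")
).decode()

SAMPLE_EVENTS = [
    # script block: path and process exclusions in one call
    r'Add-MpPreference -ExclusionPath "C:\Users\Public\Uploader","C:\ProgramData\svc" '
    r"-ExclusionProcess svchost.exe",
    # script block: backticks split the cmdlet and parameter names
    r"Set-Mp`Preference -Exclusion`Path 'C:\Temp\drop'",
    # process command line: the call is hidden behind -enc
    f"powershell.exe -nop -w hidden -enc {_ENCODED}",
    # benign: reads the configuration, does not change it
    "Get-MpPreference | Select-Object ExclusionPath",
    # benign: changes a setting that is not an exclusion
    "Set-MpPreference -ScanScheduleDay 0",
]

CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
# parameter name, then its value up to the next -Parameter, pipe, ';' or end
PARAM_RE = re.compile(
    r"(?i)-Exclusion(Path|Extension|Process)\s+(.+?)(?=\s+-[A-Za-z]|\s*$|\s*[|;])"
)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def normalise(text):
    """Undo backtick escapes, which PowerShell ignores inside bare names."""
    return text.replace("`", "")


def split_values(raw):
    """Split a comma-separated PowerShell argument list and strip quoting."""
    return [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]


def find_exclusions(text):
    """Return [(kind, [values...]), ...] for each exclusion added by `text`."""
    text = normalise(text)
    if not CMDLET_RE.search(text):
        return []
    return [(kind.lower(), split_values(val)) for kind, val in PARAM_RE.findall(text)]


def scan_events(events):
    """Scan script-block strings / command lines and return a list of findings."""
    findings = []
    for idx, raw in enumerate(events):
        decoded = decode_encoded_command(raw)
        text = decoded if decoded is not None else raw
        for kind, values in find_exclusions(text):
            findings.append(
                {"event": idx, "kind": kind, "values": values, "encoded": decoded is not None}
            )
    return findings


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Two caveats when moving this onto real telemetry: PowerShell accepts any unambiguous parameter prefix (for example -ExclusionE), so the parameter pattern should be loosened to match prefixes, and changes to Defender preferences are also recorded by Defender itself in its Operational log (Event ID 5007, "configuration has changed"), which catches the same change when it is made through a path other than PowerShell.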

MITRE ATT&CK Enterprise v15

Tasks