General
-
Target
RobloxCondoUploader.exe
-
Size
103.4MB
-
Sample
240726-yfptxszhrr
-
MD5
e5d5c406a8f0f4fa4dfd74938c70c886
-
SHA1
64d4721d921000c750db605d9b29bf5ce1d7ab19
-
SHA256
9f91b73ff38fa7a22f016befc8c72d44f77f5410ec2d22533be165b3bfb55f14
-
SHA512
c7b3de1a73e0e229bd343899694ab47d6d9e901de0db3cf39b4ba210a41612ce22f713efd611faf05e57e939d96cb1d4d84a20bf89902340745905df6230c964
-
SSDEEP
3145728:iCOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBW1Ms9U:ggSWNaIsHCiH1XcBWz
Behavioral task
behavioral1
Sample
RobloxCondoUploader.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
RobloxCondoUploader.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
RobloxCondoUploader.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-