General
-
Target
RobloxPlayerInstaller.exe
-
Size
5.5MB
-
Sample
240727-wvn5tswanf
-
MD5
4b333632262ce2606c39b1613f345ce5
-
SHA1
fda30b2198ab865e5780c86415333df8d83b50fd
-
SHA256
d9bd50a3c1ef0cf2f9978862e786731e8be1d97d50540d85b58f92614fa84cda
-
SHA512
7c742f50846036b94b2844c70f8c350344685674db1a8b253af9000ab7b9b78abe7049e9c3d9b28d9d98ae6ba243f6a4377ac2c873d9cf8ff923dc61ea734e72
-
SSDEEP
98304:Q8vj23XO7INTOKdWOm39VQOuKigT3SsPyFRUhE1Azc9uPp:njgO7InF+6gTkFRjew9ip
Malware Config
Targets
-
-
Target
RobloxPlayerInstaller.exe
-
Size
5.5MB
-
MD5
4b333632262ce2606c39b1613f345ce5
-
SHA1
fda30b2198ab865e5780c86415333df8d83b50fd
-
SHA256
d9bd50a3c1ef0cf2f9978862e786731e8be1d97d50540d85b58f92614fa84cda
-
SHA512
7c742f50846036b94b2844c70f8c350344685674db1a8b253af9000ab7b9b78abe7049e9c3d9b28d9d98ae6ba243f6a4377ac2c873d9cf8ff923dc61ea734e72
-
SSDEEP
98304:Q8vj23XO7INTOKdWOm39VQOuKigT3SsPyFRUhE1Azc9uPp:njgO7InF+6gTkFRjew9ip
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1