General
-
Target
RobloxWaveInjector.exe
-
Size
106.9MB
-
Sample
240802-yjdk3asfjd
-
MD5
876e9e248a8c2f0fbd81bbf4368910ca
-
SHA1
2d96ef880dd0ddf72893586dda055ab72e923439
-
SHA256
3f4bb48158c276ee34506a30e6eca587a67aa3d8706bdefc14c865cbbef849d3
-
SHA512
b4a3a578feb74353e2b03230c7192942f9a9e6faeb57650d4e0005399bf00ee2b043569c632aec62143820f389c48386be53fd0d114ebc687147817746a42611
-
SSDEEP
3145728:gPbiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0Uu3:I2SWNa6HHCittieBm
Behavioral task
behavioral1
Sample
RobloxWaveInjector.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
RobloxWaveInjector.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
RobloxWaveInjector.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-