General

  • Target

    RobloxWaveInjector.exe

  • Size

    106.9MB

  • Sample

    240802-yjdk3asfjd

  • MD5

    876e9e248a8c2f0fbd81bbf4368910ca

  • SHA1

    2d96ef880dd0ddf72893586dda055ab72e923439

  • SHA256

    3f4bb48158c276ee34506a30e6eca587a67aa3d8706bdefc14c865cbbef849d3

  • SHA512

    b4a3a578feb74353e2b03230c7192942f9a9e6faeb57650d4e0005399bf00ee2b043569c632aec62143820f389c48386be53fd0d114ebc687147817746a42611

  • SSDEEP

    3145728:gPbiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0Uu3:I2SWNa6HHCittieBm

Malware Config

Targets

    • Target

      RobloxWaveInjector.exe

    • Size

      106.9MB

    • MD5

      876e9e248a8c2f0fbd81bbf4368910ca

    • SHA1

      2d96ef880dd0ddf72893586dda055ab72e923439

    • SHA256

      3f4bb48158c276ee34506a30e6eca587a67aa3d8706bdefc14c865cbbef849d3

    • SHA512

      b4a3a578feb74353e2b03230c7192942f9a9e6faeb57650d4e0005399bf00ee2b043569c632aec62143820f389c48386be53fd0d114ebc687147817746a42611

    • SSDEEP

      3145728:gPbiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0Uu3:I2SWNa6HHCittieBm

    • Enumerates VirtualBox DLL files (a check for a VirtualBox guest, used to detect sandbox and analysis environments)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that matching files and processes are no longer scanned.

    • Sets file to hidden

      Modifies file attributes to set the hidden flag, so the file is not shown in Explorer or in default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
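
    The following Python is an added example, not code from the sandbox report or from the sample. It scans process-creation command lines for three of the host-side behaviours listed above: Defender exclusions added through Add-MpPreference or Set-MpPreference, files hidden with attrib +h, and Run-key persistence via reg add. Because the PowerShell step is often launched with -EncodedCommand, the scanner decodes that payload (base64 of UTF-16LE) and rescans it. The sample command lines, the svchosts.exe path, and the rule names are constructed for illustration; the ATT&CK IDs are the standard Enterprise technique numbers for these behaviours.

```python
"""Scan process-creation command lines for the host-side behaviours in this report.

Added example, not code from the sandbox report or from the sample. The command
lines below are constructed to resemble Sysmon Event ID 1 / Security 4688
CommandLine fields; the paths, file names and rule names are illustrative.
"""
import base64
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    technique: str      # ATT&CK technique the rule maps to
    rule: str           # short rule name
    command_line: str   # the original (still encoded, if it was) command line


# Each rule: (ATT&CK technique, rule name, pattern). Patterns stop at '|' or ';'
# so a match cannot span two pipeline stages or statements.
RULES = [
    # Defender exclusions added via Add-MpPreference / Set-MpPreference
    ("T1562.001 Impair Defenses: Disable or Modify Tools", "defender_exclusion_added",
     re.compile(r"(?:Add|Set)-MpPreference\b[^|;]*-Exclusion(?:Path|Extension|Process)\b", re.I)),
    # attrib +h sets the hidden attribute on a file or directory
    ("T1564.001 Hide Artifacts: Hidden Files and Directories", "attrib_hidden",
     re.compile(r"\battrib(?:\.exe)?\b[^|;]*\+h\b", re.I)),
    # reg add into a Run / RunOnce key for logon persistence
    ("T1547.001 Boot or Logon Autostart Execution: Registry Run Keys", "run_key_added",
     re.compile(r"\breg(?:\.exe)?\s+add\b[^|;]*\\CurrentVersion\\Run(?:Once)?\b", re.I)),
]

# powershell -e / -ec / -enc / -EncodedCommand <base64 of UTF-16LE script>
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_commands(command_line: str) -> list[str]:
    """Return the decoded scripts of every -EncodedCommand argument in the line."""
    decoded = []
    for m in ENCODED_RE.finditer(command_line):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a valid payload; ignore rather than abort the scan
    return decoded


def scan(command_line: str) -> list[Hit]:
    """Apply every rule to the command line and to any decoded PowerShell payload."""
    hits, seen = [], set()
    for text in [command_line, *decode_encoded_commands(command_line)]:
        for technique, rule, pattern in RULES:
            if rule not in seen and pattern.search(text):
                seen.add(rule)
                hits.append(Hit(technique, rule, command_line))
    return hits


def scan_records(command_lines) -> list[Hit]:
    """Scan a sequence of command lines and return all hits in input order."""
    return [hit for line in command_lines for hit in scan(line)]


def _encode_powershell(script: str) -> str:
    """Encode a script the way powershell -EncodedCommand expects (UTF-16LE base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed telemetry, not from the sample's run. Items 0-3 should fire, 4-5 should not.
SAMPLE_COMMAND_LINES = [
    r'powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath C:\Users\Public\Libraries -ExclusionExtension .exe -ExclusionProcess svchosts.exe"',
    "powershell.exe -nop -w hidden -enc " + _encode_powershell(r"Set-MpPreference -ExclusionPath C:\ProgramData\Update"),
    r'attrib.exe +h +s "C:\Users\Public\Libraries\svchosts.exe"',
    r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d "C:\Users\Public\Libraries\svchosts.exe" /f',
    'powershell.exe -Command "Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess"',  # read-only audit
    r'attrib.exe -r "C:\Temp\notes.txt"',  # clears read-only, does not hide
]

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_COMMAND_LINES):
        print(f"[{hit.rule}] {hit.technique}\n    {hit.command_line}")
```

    These are string matches over what appears in the command line, so they are a triage aid rather than a detection boundary: aliases, splatting or a script read from a file all sidestep them, and where PowerShell Script Block Logging (Event ID 4104) is available it is the better source because it records the script after decoding. The dropped-EXE, dropped-DLL and VirtualBox DLL enumeration behaviours need file-create and image-load telemetry and are not covered here.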

MITRE ATT&CK Enterprise v15

Tasks