General

  • Target

    test.zip

  • Size

    4.4MB

  • Sample

    240806-1pgk1s1grl

  • MD5

    8a71188de7b1cbb391721224eeb78361

  • SHA1

    f0ea479fe18c0b300524622b4bb68f511f468d06

  • SHA256

    7498ec3998339e0d83d4fec8d331480a4ba2ad8f96b7c51c882b8c2540a71600

  • SHA512

    2887f9f5b32be284c77406bcd4aaf7ec1559baa6a8c9bfcdbeab554ba32bbe4754aa7f3bda81c9b32dc43a34bb0c3c665f1e4598cfa99b42cc28ccfeb36d1876

  • SSDEEP

    98304:mErMEhpYVfZfOumUQ33br2FWVzhVWIjAxxcMlY:mk/hsOUwAezhVUxfY

Malware Config

Targets

    • Target

      test/RobloxPlayerInstaller (1).exe

    • Size

      5.5MB

    • MD5

      4b333632262ce2606c39b1613f345ce5

    • SHA1

      fda30b2198ab865e5780c86415333df8d83b50fd

    • SHA256

      d9bd50a3c1ef0cf2f9978862e786731e8be1d97d50540d85b58f92614fa84cda

    • SHA512

      7c742f50846036b94b2844c70f8c350344685674db1a8b253af9000ab7b9b78abe7049e9c3d9b28d9d98ae6ba243f6a4377ac2c873d9cf8ff923dc61ea734e72

    • SSDEEP

      98304:Q8vj23XO7INTOKdWOm39VQOuKigT3SsPyFRUhE1Azc9uPp:njgO7InF+6gTkFRjew9ip

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      Adversaries may establish persistence by setting a Debugger value under an Image File Execution Options (IFEO) subkey, so that their program is launched whenever the named executable starts.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no events for that thread; a common anti-analysis technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which hides the calling thread from any attached debugger.

    • Target

      test/WaveInstaller.exe

    • Size

      2.3MB

    • MD5

      8ad8b6593c91d7960dad476d6d4af34f

    • SHA1

      0a95f110c8264cde7768a3fd76db5687fda830ea

    • SHA256

      43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

    • SHA512

      09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

    • SSDEEP

      49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

    Score
    3/10
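The two persistence signatures above (Image File Execution Options injection, ATT&CK T1546.012, and COM hijacking, T1546.015) both leave registry artifacts that can be audited offline. The script below is an added example and is not part of the sandbox report or of the analysed files: it parses a Windows `.reg`-style export (the sample text embedded in it is constructed and contains no indicator from this sample), lists every IFEO `Debugger` value, and lists every per-user `HKCU\Software\Classes\CLSID\...\InprocServer32` entry together with the machine-wide server it shadows, flagging servers loaded from outside the usual system and Program Files directories. Only REG_SZ values are parsed, which is all these two techniques need.

```python
"""Audit a registry export for IFEO debuggers (T1546.012) and per-user COM
server overrides (T1546.015). Added example; not from the sandbox report."""
import re
from typing import Dict, List, Tuple

IFEO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
HKCU_CLSID = r"HKEY_CURRENT_USER\Software\Classes\CLSID"
HKLM_CLSID = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Directories a COM server is normally loaded from; anything else (AppData,
# Temp, Public, ...) is worth a closer look.
TRUSTED_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64",
                    r"c:\program files", r"c:\program files (x86)")

# Constructed sample export (assumption, not taken from the report): one IFEO
# debugger in a user-writable path and one HKCU CLSID shadowing an HKLM one.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\update.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Windows\\System32\\example2.dll"
"""

_VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<data>.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its {value name: string data}; '@' becomes '(Default)'.
    .reg files escape backslash and quote inside string data, so undo that."""
    reg: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            reg[current][m.group("name") or "(Default)"] = data
    return reg


def untrusted_path(path: str) -> bool:
    """True when the binary lives outside the system/Program Files trees."""
    return not path.strip('"').lower().startswith(TRUSTED_PREFIXES)


def find_ifeo_debuggers(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """(target executable, debugger command) for every IFEO subkey that sets
    Debugger. Any such value launches the debugger in place of the target, so
    each hit deserves review; legitimate ones are rare outside dev machines."""
    prefix = IFEO_KEY.lower() + "\\"
    return [(key[len(prefix):], vals["Debugger"])
            for key, vals in reg.items()
            if key.lower().startswith(prefix) and "Debugger" in vals]


def find_com_hijacks(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(clsid, HKCU server, HKLM server) for every per-user InprocServer32.
    COM consults HKCU before HKLM, so a per-user entry silently replaces the
    machine-wide server without needing admin rights. CLSIDs are lowercased."""
    def servers(root: str) -> Dict[str, str]:
        out: Dict[str, str] = {}
        prefix = root.lower() + "\\"
        for key, vals in reg.items():
            k = key.lower()
            if k.startswith(prefix) and k.endswith("\\inprocserver32"):
                out[k[len(prefix):].split("\\")[0]] = vals.get("(Default)", "")
        return out
    hkcu, hklm = servers(HKCU_CLSID), servers(HKLM_CLSID)
    return [(c, hkcu[c], hklm.get(c, "")) for c in sorted(hkcu)]


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    for exe, dbg in find_ifeo_debuggers(parsed):
        print(f"IFEO  {exe:<20} -> {dbg}  {'UNTRUSTED' if untrusted_path(dbg) else ''}")
    for clsid, user, machine in find_com_hijacks(parsed):
        flag = "UNTRUSTED" if untrusted_path(user) else ""
        print(f"COM   {clsid} HKCU={user} (shadows HKLM={machine or 'none'}) {flag}")
```

On a live host, feed it the output of `reg export` for the three roots above; the same checks are what a detection rule on Sysmon registry events (EventID 13 on `...\Image File Execution Options\*\Debugger` and `HKU\*\Software\Classes\CLSID\*\InprocServer32`) would watch for in real time.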

MITRE ATT&CK Enterprise v15

Tasks