70be452d5ca4dfaeec5fd02652dc8c4d3c76ac329148c2bbf358ae8c829d4d73 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

RobloxPlay...5).exe

windows11-21h2-x64

6

Resubmissions

06/08/2024, 20:59

240806-zs4dhszgqm 6

06/08/2024, 20:56

240806-zrfk3atfnf 6

06/08/2024, 20:53

240806-zpp2qatfkd 6

06/08/2024, 20:26

240806-y7t8qataqh 6

Sharing

Copy URL Twitter E-mail

General

Target

RobloxPlayerInstaller (5).exe
Size

5.3MB
Sample

240806-zrfk3atfnf
MD5

5760bad46664c1c9079d37bdbc4bbbad
SHA1

a67cf6f0c1a164940c1562be1f066e85415dfe32
SHA256

70be452d5ca4dfaeec5fd02652dc8c4d3c76ac329148c2bbf358ae8c829d4d73
SHA512

b75c8095cc7f9d092edaf32b51bcd5c4ce98315d73a4f8f244a0cc42edf091509a17db02bf7e8fe81a0975b0b008e2b6c44cdbcc48ac7d0dacf02514f353d2f7
SSDEEP

98304:Z1v8xmEEHgRVxSKaOCRbcagngI0vQ4iKYCNDKjjlhxuQ:D8VEaxuOEgngIbCYjxfJ

Score

6^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller (5).exe

Resource

win11-20240802-en

discovery evasion persistence privilege_escalation trojan

windows11-21h2-x64

23 signatures

600 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller (5).exe
- Size
  
  5.3MB
- MD5
  
  5760bad46664c1c9079d37bdbc4bbbad
- SHA1
  
  a67cf6f0c1a164940c1562be1f066e85415dfe32
- SHA256
  
  70be452d5ca4dfaeec5fd02652dc8c4d3c76ac329148c2bbf358ae8c829d4d73
- SHA512
  
  b75c8095cc7f9d092edaf32b51bcd5c4ce98315d73a4f8f244a0cc42edf091509a17db02bf7e8fe81a0975b0b008e2b6c44cdbcc48ac7d0dacf02514f353d2f7
- SSDEEP
  
  98304:Z1v8xmEEHgRVxSKaOCRbcagngI0vQ4iKYCNDKjjlhxuQ:D8VEaxuOEgngIbCYjxfJ
Score

6^/10

discovery evasion persistence privilege_escalation trojan
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy