Extracted

• • Target

    https://www.roblox.com/home

  Score

  10^/10

  danabotadwarebankerbotnetdefense_evasiondiscoveryevasionpersistenceprivilege_escalationstealertrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Danabot x86 payload

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Blocklisted process makes network request

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Adds Run key to start application

    persistence

  • Indicator Removal: Clear Persistence

    remove IFEO.

    defense_evasion

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1