fec985e0648a7d41c434c8fed666139090f7bb5df85939da743a1f8859765811 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

RobloxPlay...2).exe

windows7-x64

8

Sharing

General

Target

RobloxPlayerInstaller (2).exe
Size

5.5MB
Sample

240818-dfhqdsvbpr
MD5

6399cb94a0d00b72ffb53432cb26c891
SHA1

d18c3616da0c6807771c0d7e501e811a9f2e7ded
SHA256

fec985e0648a7d41c434c8fed666139090f7bb5df85939da743a1f8859765811
SHA512

5f06f6e235c1e1c68255cf34fa22713ddd8a8667d9584ba316358c785801a0d9ca68a93ff2c2b20d55bca5c0502a2edaa2a06a8f45fec2292b880725f8ee5097
SSDEEP

98304:bCvzi7JmlycwWDA64XNj4IdfgT2WXa12zRMBZo8X7xuHit:qzIJmldv4j3gT2czRaoW7xDt

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

RobloxPlayerInstaller (2).exe

Resource

win7-20240705-en

discovery evasion persistence privilege_escalation trojan

windows7-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  RobloxPlayerInstaller (2).exe
- Size
  
  5.5MB
- MD5
  
  6399cb94a0d00b72ffb53432cb26c891
- SHA1
  
  d18c3616da0c6807771c0d7e501e811a9f2e7ded
- SHA256
  
  fec985e0648a7d41c434c8fed666139090f7bb5df85939da743a1f8859765811
- SHA512
  
  5f06f6e235c1e1c68255cf34fa22713ddd8a8667d9584ba316358c785801a0d9ca68a93ff2c2b20d55bca5c0502a2edaa2a06a8f45fec2292b880725f8ee5097
- SSDEEP
  
  98304:bCvzi7JmlycwWDA64XNj4IdfgT2WXa12zRMBZo8X7xuHit:qzIJmldv4j3gT2czRaoW7xDt
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy