Resubmissions

17-09-2024 17:18

240917-vvrehsvcqf 6

17-09-2024 17:13

240917-vrr7msvbrk 10

General

  • Target

    RobloxPlayerInstaller.exe

  • Size

    4.6MB

  • Sample

    240917-vvrehsvcqf

  • MD5

    f16ac9b02b4726b444b383d76db1ae18

  • SHA1

    7388c264874447d1ded6b6acaa35d26144d023a9

  • SHA256

    f59c4acec3cd952c3ab981d56e1e68f543ad8684a3b44c6b59b70fbabc2b5ff0

  • SHA512

    9bf0e99eae1406341358c787de4bfd412933af8ca064e0aa09f0bf6893b5d5d9899a82d360f423cc7fae6d647e7196778fddee031508caae99f4a9316e6edf39

  • SSDEEP

    98304:Q+v//h75UcT+6O6QCp4jgzg2ar8S9rpTwkTPKXbSz:Jnh75nTS6Qvg3utwSiE

Malware Config

Targets

    • Target

      RobloxPlayerInstaller.exe

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IFEO) debuggers.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
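The signatures above all reduce to a handful of registry operations: a read of the UAC policy value, a read of the configured country code, a Debugger value written under Image File Execution Options, and a COM server path written under the per-user CLSID hive. The following script, added here as an illustration and not part of the sandbox report or its detection engine, turns those into rules and runs them over a constructed registry trace. The line format (`op=... key=... value=... data=...`) is an assumption made for the example, the file paths and the all-zero CLSID are placeholders, and the label names are hypothetical. The rules deliberately ignore the same InprocServer32 write under HKLM, which is what a legitimate installer does, and flag only the HKCU copy that shadows it; note also that value reads (the UAC and geo checks) only appear in an API-level trace such as a sandbox produces, not in Sysmon registry events, which record writes.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class RegEvent:
    op: str      # "set" (value written) or "query" (value read)
    key: str
    value: str   # value name; "" means the key's (Default) value
    data: str    # data written, empty for reads


# One registry operation per line. Constructed, simplified format assumed for
# this example; it is not the sandbox's own trace format.
LINE_RE = re.compile(
    r'^op=(?P<op>set|query)\s+key="(?P<key>[^"]+)"\s+value="(?P<value>[^"]*)"'
    r'(?:\s+data="(?P<data>[^"]*)")?\s*$'
)

# Key patterns behind the report's signatures.
IFEO_KEY = re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I)
SILENT_EXIT_KEY = re.compile(r"\\SilentProcessExit\\[^\\]+$", re.I)
# Per-user hive only: HKCU\Software\Classes is consulted before the machine-wide
# HKLM entry, so a shadowing InprocServer32 there is the hijack pattern, while
# the same write under HKLM is what a normal installer does.
COM_SERVER_KEY = re.compile(
    r"^HK(?:CU|U\\[^\\]+)\\Software\\Classes\\CLSID\\\{[0-9a-f-]{36}\}"
    r"\\(?:InprocServer32|LocalServer32)$", re.I)
UAC_POLICY_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)


def parse_line(line):
    """Parse one trace line into a RegEvent, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return RegEvent(m["op"], m["key"], m["value"], m["data"] or "")


def classify(ev):
    """Return the (hypothetical) signature labels an event triggers, possibly none."""
    hits = []
    if ev.op == "set":
        if IFEO_KEY.search(ev.key) and ev.value.lower() == "debugger":
            hits.append("ifeo_injection")          # T1546.012
        if SILENT_EXIT_KEY.search(ev.key) and ev.value.lower() == "monitorprocess":
            hits.append("ifeo_injection")          # T1546.012, SilentProcessExit variant
        if COM_SERVER_KEY.match(ev.key) and ev.value in ("", "(Default)"):
            hits.append("com_hijack")              # T1546.015
    elif ev.op == "query":
        if UAC_POLICY_KEY.match(ev.key) and ev.value.lower() == "enablelua":
            hits.append("uac_check")
        if GEO_KEY.search(ev.key) and ev.value.lower() == "nation":
            hits.append("location_check")          # T1614
    return hits


def scan(lines):
    """Map each label to the events that triggered it."""
    findings = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for label in classify(ev):
            findings[label].append(ev)
    return dict(findings)


# Constructed sample trace; paths and the all-zero CLSID are placeholders.
SAMPLE_LOG = r"""
op=query key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" value="EnableLUA"
op=query key="HKCU\Control Panel\International\Geo" value="Nation"
op=set key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" value="Debugger" data="C:\ProgramData\upd\loader.exe"
op=set key="HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32" value="" data="C:\Users\Public\shim.dll"
op=set key="HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32" value="" data="C:\Program Files\Vendor\real.dll"
op=set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value="Updater" data="C:\ProgramData\upd\loader.exe"
""".strip().splitlines()


if __name__ == "__main__":
    for label, events in scan(SAMPLE_LOG).items():
        for ev in events:
            print(f"{label:16} {ev.key}  {ev.value or '(Default)'} -> {ev.data}")
```

Running it on the constructed trace reports four hits (one each for the UAC read, the geo read, the IFEO Debugger write and the HKCU COM server write); the HKLM CLSID write and the Run key entry fall through untouched, the latter because the page's signature list does not include a Run-key rule and the example keeps to what the report asserts.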

MITRE ATT&CK Enterprise v15

Tasks