be2d8c0dc25bd2a9492c52a0fbe38eead4d2e25ab7a6a3daec53d251a1cde85a | Triage

Sharing

General

Target

RobloxHck.exe
Size

3.3MB
Sample

240920-tbnc3svard
MD5

e4f2159efd85213892a279379441d337
SHA1

01e1b4c9d5865765d6b916837f9bd9891546b8a4
SHA256

be2d8c0dc25bd2a9492c52a0fbe38eead4d2e25ab7a6a3daec53d251a1cde85a
SHA512

bba7ccac84134bea5f6efa1a599f1c53443f4b186789327f0028647e5a2009edec24b1e3301193bc0bd703a0b54d0c67fbe1e3a385ae67e701ce63917f0eb39a
SSDEEP

98304:732jjwtlamO0IuiBHZLm+W4enHaOJyA1CE+XMGfLWu:CjIaayBHZpWJHa0NgXhfLr

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  RobloxHck.exe
- Size
  
  3.3MB
- MD5
  
  e4f2159efd85213892a279379441d337
- SHA1
  
  01e1b4c9d5865765d6b916837f9bd9891546b8a4
- SHA256
  
  be2d8c0dc25bd2a9492c52a0fbe38eead4d2e25ab7a6a3daec53d251a1cde85a
- SHA512
  
  bba7ccac84134bea5f6efa1a599f1c53443f4b186789327f0028647e5a2009edec24b1e3301193bc0bd703a0b54d0c67fbe1e3a385ae67e701ce63917f0eb39a
- SSDEEP
  
  98304:732jjwtlamO0IuiBHZLm+W4enHaOJyA1CE+XMGfLWu:CjIaayBHZpWJHa0NgXhfLr
Score

10^/10

credential_access discovery spyware stealer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer