9de00bfe898b7fa5a102b9f4e40daa541bebf18e03bf1062708452af48c8bb92

Sharing

Copy URL

Twitter E-mail

General

Target

RobloxExecutor.exe
Size

23.2MB
Sample

240929-rnfgwsxfjr
MD5

a7dc407cfaf696609f3d06f85a1ab666
SHA1

3563ed195a323e18da71e36ccd0c073e62c2bb8c
SHA256

9de00bfe898b7fa5a102b9f4e40daa541bebf18e03bf1062708452af48c8bb92
SHA512

b82c7ce5b8f3f87305f2d4ad1782879b889e4ddb971a552f5a7afe4632aec201c466b0a424c05452ab50f73f92a924f2c5858d49e0308a9c528eca4415b09520
SSDEEP

393216:A26GA3is67YJMnDiyrZ74MC1EgVqNHb2k7D/fea7KiDqBIaThxGVnxpxjAat0ebr:lA3isGYJMD1rZKLqNPDKiDqV/Gvp+60A

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://gt2n17uejm0gxeqm8mnzszq1sikpb0xupfgtdc0y95q50mtkqfjiujnj50.pages.dev/update/update.exe

exe.dropper

https://gt2n17uejm0gxeqm8mnzszq1sikpb0xupfgtdc0y95q50mtkqfjiujnj50.pages.dev/main/main.exe

Targets

- Target
  
  RobloxExecutor.exe
- Size
  
  23.2MB
- MD5
  
  a7dc407cfaf696609f3d06f85a1ab666
- SHA1
  
  3563ed195a323e18da71e36ccd0c073e62c2bb8c
- SHA256
  
  9de00bfe898b7fa5a102b9f4e40daa541bebf18e03bf1062708452af48c8bb92
- SHA512
  
  b82c7ce5b8f3f87305f2d4ad1782879b889e4ddb971a552f5a7afe4632aec201c466b0a424c05452ab50f73f92a924f2c5858d49e0308a9c528eca4415b09520
- SSDEEP
  
  393216:A26GA3is67YJMnDiyrZ74MC1EgVqNHb2k7D/fea7KiDqBIaThxGVnxpxjAat0ebr:lA3isGYJMD1rZKLqNPDKiDqV/Gvp+60A
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $TEMP/update.ps1
- Size
  
  1KB
- MD5
  
  3b602b09f0f9f88640007dce338563cf
- SHA1
  
  b358a43c6572bfe185014e603c31950aa9983534
- SHA256
  
  ad569949f9374d1470dace95a25e2519ff07311a5607ab8a07de2c5cccc99261
- SHA512
  
  591d40cc7b51b1262af4248a389d57ba7f6d2af3900863415c70b8a569a2a8f039812a634f02a9ea7033436f40503be851abf5a945f0a155b0a75a3bdaddefa9
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  host/fxr/8.0.8/hostfxr.dll
- Size
  
  342KB
- MD5
  
  d078ea59cae2f77f8794a632dd0809bc
- SHA1
  
  843a780e62b4f2c85e17de2e87b2c3cf233d9571
- SHA256
  
  f451a4839bd27a10fd03e751c843f2389e71e76a2f7bf418a650a53844d21d1f
- SHA512
  
  a9b9b223286170cadcfca8f2e125791b817301b6464f0ec839990696d743986634563e2ce8080d540cdacc0fd725c0fa17c40cf6668a8a59ffc2df17fbedc7b9
- SSDEEP
  
  6144:s3oCq7D6qYvWzxP5tsWaag28fxfIUmtd3+:9+1Wzbtsftvmdu
Score

1^/10
behavioral5 behavioral6
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/Microsoft.CSharp.dll
- Size
  
  982KB
- MD5
  
  ac45b05c090e28dde2bdd3e6d460330f
- SHA1
  
  54a64b5c41a365e4f03974e620d9227582e0b6b1
- SHA256
  
  fba4224e5deabccd781bd7e0371c16a9765f7be0ea165f8bb499f5d62f4531bf
- SHA512
  
  6dcdb591e85c9f2c241ed2bcfafa214b7f1b75e6d681bb40f76cc3b121fce41ce9455fa3c44d455a4e4f2ff4ba4f159f0de51c0ea74ffc73837b342794ab7389
- SSDEEP
  
  24576:Wuz94uYWl+9whtbSp1HVu9yH+sChDUD3IX+:v54uZ++tbQHVu9yHugrH
Score

1^/10
behavioral7 behavioral8
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/Microsoft.DiaSymReader.Native.amd64.dll
- Size
  
  2.2MB
- MD5
  
  a71cd05c01f0fc603c0bd782516f806d
- SHA1
  
  c15e261d5e7318875d324d28ab70a883cd434c81
- SHA256
  
  7f8dcf37d9d66eae14c48a79fa2fcd447bd0f38a21be0203a9c4a89398aacf28
- SHA512
  
  ce53f6dc1f02889ed6fb1f8df226f9badbb039f79505cdbd599a00a32b6617da5e19f2ad7f76bb8134b3ccad39fab2209ed8ec6ae42cd30402c4e450fc19fa88
- SSDEEP
  
  49152:jH+fGgFyzuNiG6H0n8D1gkrz/OAyFAopdrq/c/:+GgFQq8DT/ZyFDN0c
Score

1^/10
behavioral10 behavioral9
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/Microsoft.VisualBasic.Core.dll
- Size
  
  1.2MB
- MD5
  
  5a0f40b6899f9bd7e43a5425da58de25
- SHA1
  
  bdff3cbf31fa86709309d92667c285f9f2c6d40b
- SHA256
  
  eea806d40be4c2fb909072df32de259ec476e9a7cc749c37447994ffc340f1ad
- SHA512
  
  f99971b7c6b3f3a02f99fd40da655326d6bcf1060ffb2e5e49a6bda6e09c05557b15f0951c1560e1acdb4b2cdf0b63ecef45e6745c1d562ae286aa3d53529850
- SSDEEP
  
  24576:NsvtzOPj/l89Sk2f+/eOUCxRepC36Rk3i+XFqUn:NsvtzOP7ymf+/TZd3ie
Score

1^/10
behavioral11 behavioral12
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/Microsoft.Win32.Registry.dll
- Size
  
  118KB
- MD5
  
  4fd4616455d07e7252b50b565a2e75c5
- SHA1
  
  cd6db5a8dca0d94aa5e48717e32f3ec3e1b17998
- SHA256
  
  853da3e1e5ba29decfc91a39fa1b70955bdc63e18f034ae119635df53704e9d9
- SHA512
  
  1e37902f3b4afcc08acd7c8450e72de11ca16d1d338b8e076bf4940bde832866d410900ed6513b1d6ba67e7fcf579336998d7b2a2ac9483404b3fa2c6866ee2d
- SSDEEP
  
  3072:HY1NwrxWkbGKzcNqJSvEVcULVii1i81SFUt:Dl6KYqJSvEVz7/iO
Score

1^/10
behavioral13 behavioral14
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Collections.Concurrent.dll
- Size
  
  270KB
- MD5
  
  34e8718bed9ffcb954586f833672f548
- SHA1
  
  ee3d827879373d2ae7708d90c6916efde84b98bd
- SHA256
  
  635d3192ebc262dceafb679c30d63a06375d686e9e9bad9e43b1914b4ace483e
- SHA512
  
  a406540c34c699bdc6ea69635047ea206e295cb1e6c2ef80ec9c0374b74f2fe4c3754b309adb2bd173d8f4d6261db6be6570b518a7fd7d2cbbc4304921a38923
- SSDEEP
  
  6144:zH8+KHhcm1xa3ZvGFehyhyO28ibc8wXD6GK:zPChcm1xachD2PbVE+GK
Score

1^/10
behavioral15 behavioral16
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Collections.Immutable.dll
- Size
  
  818KB
- MD5
  
  e8d86e48d55490f58acc8dddcef458cc
- SHA1
  
  dcdb9c0d60b300467962e58602a82bbe6ec77aac
- SHA256
  
  fc48aa677a344f912c1a9160115dafd396b4f69eedd27f4b53b14c2b512e92d2
- SHA512
  
  18f993f4c7899856aa0c6ad200863d2444fdfa4745ed4cb961aa38db9f7e6dcb5576665cc1d487a9d1ea7c3b526a95710734aa65049410cbc2e58fd7c3defd15
- SSDEEP
  
  12288:crJR+uRoPwK6eN8/98vTU4dQEE3k0T9YLVgHr4lucvMgllgg9n:w+uM8abw+CMlFDll/n
Score

1^/10
behavioral17 behavioral18
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Collections.NonGeneric.dll
- Size
  
  102KB
- MD5
  
  7dfe9c0a526e8be845fdf94c77a40215
- SHA1
  
  c3c84d477a91f553167c88d7dc77ec77723138b4
- SHA256
  
  4f96e191302a84c970545aadb2fc53fa9b5455b1de54187a5373e0e3b5c90991
- SHA512
  
  61971e48894e92832ed76967b06e0d8ab57b8748096159852bf2f6ad8c74f8b6dc759ec3fa868ae91f1f08d4f9ecb15cc3a8df697452dd17972a96715b0c73a3
- SSDEEP
  
  1536:4QoktJ1UcLZmsYAZwmkXjhXVrMZREnZWzUdhiszMO:4jk9vZ7I1GZKZPHoO
Score

1^/10
behavioral19 behavioral20
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Collections.Specialized.dll
- Size
  
  102KB
- MD5
  
  7b967aba7a1321af17a04576de32cc50
- SHA1
  
  dc2f05b710d21733befb5066fa99bfb3ae1b7c4f
- SHA256
  
  c3d7055a0c71a9e8641c7883dbbdffebdbb27d2350de43ba925d947662533daf
- SHA512
  
  4b8abbe1101ea2cb7b257198e2dcb353cca151c4bebd4697a128ffd69d27e1de64fe19fcbdc79636414b01b15b7848e2c16e6b9bde24688d1794a7334aeaa9a4
- SSDEEP
  
  1536:Nx/tht+6AWhqlJH5MC+W06201CTBUsqEiONocgw50ad01IODi0zmG:Nx/Q6AqiT+WFPaiONocgwaaOhDzl
Score

1^/10
behavioral21 behavioral22
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Collections.dll
- Size
  
  254KB
- MD5
  
  c755e2d819f1462687ba99f28d7fb638
- SHA1
  
  1758e9e47d46c3b1d4f71520d09f3fa80e40c9d6
- SHA256
  
  7ee67cdc969f5bd5ba1a4e99a17ed8a67c2dd835537a982cb41a7ebe3ad025fe
- SHA512
  
  060610e7c30ab2625c85315e0ac105e08888bd2b37a9abcfa33566565c632e7397fc5db5edf03054feca2b2f46cb73f54e2cdb258ccd470d1947a27bc7de997d
- SSDEEP
  
  6144:nXiJoXLKgtvcp1M5eRWAbQW0ryS1woXh3m3x:XYCKgtEzweMiD0rGqJmB
Score

1^/10
behavioral23 behavioral24
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.ComponentModel.Annotations.dll
- Size
  
  198KB
- MD5
  
  2b2ebce91dd24647ba64032aff474eea
- SHA1
  
  633b37c3f8ed3e2e036a6301e3a99ae2382f9be6
- SHA256
  
  ce51c0a016e0d830bb2325b917de3b959e42df82c47a681287c97f0c27846af4
- SHA512
  
  9718a8e686ca2f7e27db887ab94e0c5578cda23170c27e97bea1d0f95a30f29a4d742bdbc791c1e2f91d9ad5d2be383701dbba3d0ad054da06d30863cd5da1f4
- SSDEEP
  
  3072:ADzcvTHdJdCe4dCLLe+Yfn3gwmMWQArD5/oE5bF65eUV/uuTG:AQT9WDvgwzWQArHUV/uui
Score

1^/10
behavioral25 behavioral26
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.ComponentModel.TypeConverter.dll
- Size
  
  726KB
- MD5
  
  e10561ccc3b6c7d0ac9705a411803dea
- SHA1
  
  558a8054f0ed9f680dd20561fd9811f3c818b716
- SHA256
  
  e5d98e1abe75c19b49952c9d5d4e28b54d336a73b9c14773fb4e7197bae00e3a
- SHA512
  
  77c60173b7037a9e3ac714aaf5778281bdc4afca9166314051d4784e53000aa33fae46e90b4dd56701ac8c28558c252e0c04564cb5c8704f09bc6d3f3a732041
- SSDEEP
  
  12288:EwTQLZPFIwJ04TS1jMoubC+hfzF89TwM/BiXtDaCPzFPaOL8j0ecA:TTQd9IwJ0B1jMoubC+hbO9TwM/BiwCPE
Score

1^/10
behavioral27 behavioral28
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Console.dll
- Size
  
  170KB
- MD5
  
  60be3b0fe0ce54306e547728c541616f
- SHA1
  
  505519153734f9b58fb37dc4e86740ff7d057896
- SHA256
  
  577d62369b948ec8dac8d01403987007edef6409a8fae7df733fbbc068086a75
- SHA512
  
  ab770c4882396808ea49d216367853d0041a63f20cee3f6bb64a06417d7a5af07fc1c19bb60948b04d411d0b27b45b1b3c5c316f1d06e623a34b54e79512d055
- SSDEEP
  
  3072:ioeEmXYzdfd6+Vfz5mDVVdwF6xARZvcKZzxuR1BB1GwRV:Ve1X4fd6qwVdC6x2ZvcK14B73
Score

1^/10
behavioral29 behavioral30
- Target
  
  shared/Microsoft.NETCore.App/8.0.8/System.Data.Common.dll
- Size
  
  2.7MB
- MD5
  
  d9a6328a389dad8e4a5c9bf9efd8fa77
- SHA1
  
  05c93e421cfa10b7504e867e8edeb3e68c4ebe8d
- SHA256
  
  1bb6848e76a1ac2966515ee04b80fff63a1566cc086f267b184040e9f681e808
- SHA512
  
  052cf47e55e025a03e7e0b92ffe49b8131bf7e7a0e46a4244598077601ad01b72d4060a393e8214cc4045435d930f9516b740d0db666ff1207d7d0e7bccc50a6
- SSDEEP
  
  49152:/LlMm2mf+ncGZUm3k+mywJOHPxIyiNMZ62YGkO3egTxiZsc5hBhB0X1v:DOOQZYyZ62YGkO3egTxiZs209
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Deletes itself

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32