General

  • Target

    NezurRobloxCheat.exe

  • Size

    5.9MB

  • Sample

    241028-qg2k4szena

  • MD5

    a65d27cf610f1063d6724756c8354caa

  • SHA1

    7556b597904e7520e32384a9ca987492b67cbebd

  • SHA256

    3dd79aae39424af50214505ed41d44df3605f4cd35ee3838535bcbe568c104d7

  • SHA512

    1441fdd3900dc703d3ccea09d04a23bb2c8db2b1bad398a03d6430475fe4420d647244345180b5b1aae0be3ae9dd63ad72f25d8c649021700a98b2a6961f2656

  • SSDEEP

    98304:WzmoDUN43W2SjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aUOoyAKk:WzumWVOjmFwDRxtYSHdK34kdai7bN3mq

Targets

    • Target

      NezurRobloxCheat.exe

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
