General
-
Target
RobloxPlayerInstaller (1).exe
-
Size
6.7MB
-
Sample
241029-g9q6eaxdjj
-
MD5
dbc0d30c45dccb60b617f6521a43d0ca
-
SHA1
e1b843f876f3099e3e49c438d38fec19893dbe46
-
SHA256
79367398298230d1edca4595195645de7ef9c53a3fea88f73ca305ca39d59707
-
SHA512
380dfc440c6995ad99f1f03c922cb51bca015abe165d701e4753a4068efc5c831ff7d494d4b8d24a49ec440060b002a632e6d121dbd4fa91e351ae04136476f6
-
SSDEEP
98304:q7vTScaK6TllY2G2XDR+NGJqUWgTDcBgxusFydhwPLbpxTaz/FQ7:OTScaK6TllYq1q2wgxubwPRxWLu
Malware Config
Targets
-
-
Target
RobloxPlayerInstaller (1).exe
-
Size
6.7MB
-
MD5
dbc0d30c45dccb60b617f6521a43d0ca
-
SHA1
e1b843f876f3099e3e49c438d38fec19893dbe46
-
SHA256
79367398298230d1edca4595195645de7ef9c53a3fea88f73ca305ca39d59707
-
SHA512
380dfc440c6995ad99f1f03c922cb51bca015abe165d701e4753a4068efc5c831ff7d494d4b8d24a49ec440060b002a632e6d121dbd4fa91e351ae04136476f6
-
SSDEEP
98304:q7vTScaK6TllY2G2XDR+NGJqUWgTDcBgxusFydhwPLbpxTaz/FQ7:OTScaK6TllYq1q2wgxubwPRxWLu
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Detected potential entity reuse from brand STEAM.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1