General
-
Target
RBXIDLE.Setup.3.0.0.exe
-
Size
144.1MB
-
Sample
241107-zqx4qaydkn
-
MD5
f7cd23293d037af068d7b4552f8bcee3
-
SHA1
32485a4bb72cb1646a3028836378015cbcde2180
-
SHA256
6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3
-
SHA512
f31091dd3f6c86e39fd861e35a5213ce9fcec676a8e7f33abb71fb8c48a5ca648127bf07ecfe249aaa9e039281689b789407340f4c7476a6f1bfb721b63978aa
-
SSDEEP
3145728:JPFNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0T6:1FN4SUu0UOkyJQp7pH9krNQvYgfw
Behavioral task
behavioral1
Sample
RBXIDLE.Setup.3.0.0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RBXIDLE.Setup.3.0.0.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
RBXIDLE.Setup.3.0.0.exe
-
Size
144.1MB
-
MD5
f7cd23293d037af068d7b4552f8bcee3
-
SHA1
32485a4bb72cb1646a3028836378015cbcde2180
-
SHA256
6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3
-
SHA512
f31091dd3f6c86e39fd861e35a5213ce9fcec676a8e7f33abb71fb8c48a5ca648127bf07ecfe249aaa9e039281689b789407340f4c7476a6f1bfb721b63978aa
-
SSDEEP
3145728:JPFNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0T6:1FN4SUu0UOkyJQp7pH9krNQvYgfw
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2Scheduled Task/Job
1Scheduled Task
1Persistence
Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
1Hidden Window
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1