f79d8eb31e6282622058e508345d3e3f85e4e722f6492b4f57aa504879b098f1

General

Target

Roblox Pet Simulator Hack.zip
Size

4.4MB
Sample

241119-zjznzascjh
MD5

1e9ca9ed34c9ff223d4534b1c06de4d6
SHA1

4ed03415b85163a2ef9d102f1a2e6eaef26f1409
SHA256

f79d8eb31e6282622058e508345d3e3f85e4e722f6492b4f57aa504879b098f1
SHA512

67621f27e30c1b0af37fee9a144416cbd9ab8b83676c1d033bc4edfeb98193c53df6e250ff722b22551df39cbc6c3f9429579cbc89297686b63e7b43738d60f0
SSDEEP

98304:OqMScxw1h/3hRYy18VXV9QZw42d/yJppjBmj9kh+U/5Mhtc9u:Oq3IY8JwZw42Z6pEOIw9u

Score

8^/10

Malware Config

Targets

- Target
  
  Roblox Pet Simulator Hack.zip
- Size
  
  4.4MB
- MD5
  
  1e9ca9ed34c9ff223d4534b1c06de4d6
- SHA1
  
  4ed03415b85163a2ef9d102f1a2e6eaef26f1409
- SHA256
  
  f79d8eb31e6282622058e508345d3e3f85e4e722f6492b4f57aa504879b098f1
- SHA512
  
  67621f27e30c1b0af37fee9a144416cbd9ab8b83676c1d033bc4edfeb98193c53df6e250ff722b22551df39cbc6c3f9429579cbc89297686b63e7b43738d60f0
- SSDEEP
  
  98304:OqMScxw1h/3hRYy18VXV9QZw42d/yJppjBmj9kh+U/5Mhtc9u:Oq3IY8JwZw42Z6pEOIw9u
Score

1^/10
behavioral1
- Target
  
  Roblox Pet Simulator Hack.exe
- Size
  
  13KB
- MD5
  
  5a65d5dc4500e9a024c3803ad1f710b3
- SHA1
  
  f0cf2aa21cb37e81f94922914ef20a0d759d6185
- SHA256
  
  3c800fc61e6423954376571b83fa21e7b4faaadf10aa8346149ba34ce474c9ef
- SHA512
  
  d654d206dc1cecf969113b340d5d91d7090de761f8e9db7d00f27f744eacf725587dbb627a78aefb2c8d7460a70f89e6798586feefd88ae2719ccb1e3e42f140
- SSDEEP
  
  192:o6CzSsIZsB5jtgMtDG4ycScyV4o1fGCnhxjG84YcekKur0M1Y4:3C9fjtgMtDG4ylcyVbfvcrYcBrFt
Score

3^/10

discovery
behavioral2
- Target
  
  RobloxPlayerInstaller (4).exe
- Size
  
  6.8MB
- MD5
  
  91563396f82674c0b8a13a5bd4faa2cc
- SHA1
  
  becfde376e3053a2593640e8fbb743890077ed07
- SHA256
  
  c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0
- SHA512
  
  07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09
- SSDEEP
  
  98304:Mcv+QirHeUqMuUP0vjg9bJnAVxlVvq0waHsdRblAH4qPSAupG+udFJp0:HpirHeUqOYkJSqcHsdRbgPQpB83a
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3