General
-
Target
Roblox Evon Exploit V4_41257.exe
-
Size
8.7MB
-
Sample
250116-rf53ksvldl
-
MD5
98194b1fd3ceea50438976b40ea59d05
-
SHA1
ed918fbb5765aa91e5c9d2c492ec00667478ac35
-
SHA256
3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19
-
SHA512
9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf
-
SSDEEP
196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k
Malware Config
Targets
-
-
Target
Roblox Evon Exploit V4_41257.exe
-
Size
8.7MB
-
MD5
98194b1fd3ceea50438976b40ea59d05
-
SHA1
ed918fbb5765aa91e5c9d2c492ec00667478ac35
-
SHA256
3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19
-
SHA512
9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf
-
SSDEEP
196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k
Score10/10-
Detected google phishing page
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1