xmrig | 6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3

Sharing

Copy URL

Twitter E-mail

General

Target

RBXIDLE.Setup.3.0.0.exe
Size

144.1MB
Sample

250328-wf94ra1mv8
MD5

f7cd23293d037af068d7b4552f8bcee3
SHA1

32485a4bb72cb1646a3028836378015cbcde2180
SHA256

6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3
SHA512

f31091dd3f6c86e39fd861e35a5213ce9fcec676a8e7f33abb71fb8c48a5ca648127bf07ecfe249aaa9e039281689b789407340f4c7476a6f1bfb721b63978aa
SSDEEP

3145728:JPFNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0T6:1FN4SUu0UOkyJQp7pH9krNQvYgfw

Score

10^/10

Malware Config

Targets

- Target
  
  RBXIDLE.Setup.3.0.0.exe
- Size
  
  144.1MB
- MD5
  
  f7cd23293d037af068d7b4552f8bcee3
- SHA1
  
  32485a4bb72cb1646a3028836378015cbcde2180
- SHA256
  
  6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3
- SHA512
  
  f31091dd3f6c86e39fd861e35a5213ce9fcec676a8e7f33abb71fb8c48a5ca648127bf07ecfe249aaa9e039281689b789407340f4c7476a6f1bfb721b63978aa
- SSDEEP
  
  3145728:JPFNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0T6:1FN4SUu0UOkyJQp7pH9krNQvYgfw
Score

8^/10

defense_evasion discovery execution persistence privilege_escalation
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  143.6MB
- MD5
  
  78eeb40d66efb2e17e4f15a147152049
- SHA1
  
  1621cfff9f939a7b261c89affca1b4c6a09467ca
- SHA256
  
  fe60a28f94dd02d5cf2997b7b105df1ee25794950590a95e54ef4b3fc5c998d6
- SHA512
  
  721c62b6611b81058b231a93525bcc0f7c1f42a16cc5b1e1f08af93e203d138fe442a082ec406bbd455bec2cf7a38e01705b6381250031d09e81a0961b8f28ad
- SSDEEP
  
  3145728:6FNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0Tf:6FN4SUu0UOkyJQp7pH9krNQvYgfl
Score

1^/10
behavioral6
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral7
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/bin/elevate/elevate.cmd
- Size
  
  80B
- MD5
  
  6bf15504007e72e8fd4d069962bb6bb1
- SHA1
  
  2962bc672541698e23d97b2c9b4d67726662d2df
- SHA256
  
  d3d046aa4e54c8e1aafdb95b0d65aa73731a7fa76df3bd582c26244dcebb97eb
- SHA512
  
  8905d00be73d651bc3537f7fb441d84874aac8497da3da474bb1f3d71c688372aafbc1ce078024832369907494fd9990d362fcd7e58717278d13be5f2a67f142
Score

1^/10
behavioral8
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/bin/elevate/elevate.vbs
- Size
  
  334B
- MD5
  
  e5103df4ae6351428735d9c7e8f1a8cd
- SHA1
  
  0fdd4a6bd924c0fff1c0f9b95c6120f3271b4026
- SHA256
  
  f7ab6e0f5ce0b0da4169083f6d8832dbe4ead414ae1f450fc75f873490c00b7f
- SHA512
  
  e876664e37b90662c017f3092e96a832004e73a7773cab97f61e531f69b96a2848720223e29307c56eb688804327f05fe93cbf38d0d0cc803af6a06952cfc9d1
Score

1^/10
behavioral9
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/bin/sudowin/Sudowin.Common.dll
- Size
  
  20KB
- MD5
  
  71a3ccef13df30b88d681714fe0386fa
- SHA1
  
  e717d0d9890f11f15e5f4ff62d91b43a188760e2
- SHA256
  
  ab3f0d95abc0041c4413a52f42447d4a49f2f09b746b78c297449880206cb844
- SHA512
  
  60f65d428dbc560dcfff5218dcc938a8a3f5a723c6017277f2dbf5ca0fc9c1ccd551ead227831a5dc4c251d8da30737149d49d86b8fede3b933e4da69328d450
- SSDEEP
  
  96:hDFBwPfHy3S2xncBrtx9WQN8m2sam8vnC8DKnDvaqYqiVaVYZ3lkb1qqAKiVu4Jh:K/QWtzWfmhKC8ODvaXdVaV4+pz4/y
Score

1^/10
behavioral10
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/bin/sudowin/sudo.exe
- Size
  
  20KB
- MD5
  
  98cfa945795d9185d64518a8b7ab38bf
- SHA1
  
  64de54cd41ab3be000406785ec9f1ff9bac8f57f
- SHA256
  
  922754cfe2c6cfe1dceeaedb74fc00367e9613afd0ad8c9e42ec80a81d04d49b
- SHA512
  
  12a0d9af0c4c43804f6c244ca3b212a5ff3c694d990b9336a922975bba1a0f31b9e06fb1934bc9a4164c7d090f796ae9c62cc670e9fc4021d7e7eeaaa0641932
- SSDEEP
  
  96:74RH/g8jFSw6euTpHAvybfxFa/zn+UwuVA8rTskEn1W1WuZB5MYYd2J1ltgQbFgB:74RTFv69UyLa6UXTizY0Qbu
Score

1^/10
behavioral11
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/bin/winsw/winsw.exe
- Size
  
  58KB
- MD5
  
  e0eef2861571b63a45ee59d802ccfa8c
- SHA1
  
  f6fd98de7e17971be2a8eec4aa89e70bb26d1b7e
- SHA256
  
  5859b114d96800a2b98ef9d19eaa573a786a422dad324547ef25be181389df01
- SHA512
  
  10164a85ac67e7b481be5f0abe7734dd27252fdd7ecb7855423cae230cc1c54ce8652e85f2571050ccfd50975a2c53db74185031b551ef2c46ceba8b4cef0553
- SSDEEP
  
  768:dbLoXR9wSKYrHLHYrvL7yUUeUdfKTwEsWQFNMDmtUG0pb4Pe:dAXR9wSK6b8j2UUNCTSWQFsGwb4Pe
Score

1^/10
behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/binaries.js
- Size
  
  2KB
- MD5
  
  ac96898f4bd4aea3e3715a772c2c544e
- SHA1
  
  d5f63220b5bf777028441e50dbc09811ca08c71d
- SHA256
  
  a5b358388413c68f8a4c649fdb8e50c52c443bec19a792678011da72c323c1db
- SHA512
  
  23299ab747fd15ad86986d96bd2dd4ae0111d1db8c98460bb28c4085d6b8701de83368f8d5142c1d988e8eb1d2b0ae30965799f63ea8e198ddac130a32d7d3ec
Score

3^/10

execution
behavioral13
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/cmd.js
- Size
  
  2KB
- MD5
  
  dcfc8a89f25bdd54fe00476d5c66c669
- SHA1
  
  696d36e2904176a3ca7d13555762068829651b5e
- SHA256
  
  3886e90275c107043768d5713dbb522a622a6cbbc6bd7d240bab126c459ec576
- SHA512
  
  8c588dec102b587a23a338f25dc435f71ce34964af844174414a73836128a3467a86dfef2e7cacf177422099b0750dd94168b48cc39f62244e17c25dc26afb71
Score

3^/10

execution
behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/daemon.js
- Size
  
  24KB
- MD5
  
  6149760c1dd670fd1cdd7592326199c9
- SHA1
  
  be413fdcf6a89985119ac2549034981d7f055af6
- SHA256
  
  56c2e2d712ed2f692255cd8a15328d32ca3b877b91130cd83ec5f46235513cb1
- SHA512
  
  c6975004281ff434200377c7c9f9198182c20771cbea4ba2e81a9e8c9bdbc6c03f87a0e64474cb8f04a1682d86086625343ac0b0dd559f57e6685cd413dce8c6
- SSDEEP
  
  768:0WQLaL6CNTPPT1THTKT7GTneKKTiToVDTeLJ+JGrpTmT0n4CquTqcLs/FLuLGpYp:0WQLaL6CNTPPT1THTKT6T4TiT6TeLJ+0
Score

3^/10

execution
behavioral15
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/eventlog.js
- Size
  
  6KB
- MD5
  
  0fc62adc34dc81a5f9fc3a298aa78eaf
- SHA1
  
  4b79d9a54bfa5e4d37c251ef70bd3b81cb3e5d81
- SHA256
  
  ac0eab52e15690398c630200e7000a1d291a863bca9709456f27b92c11cd81de
- SHA512
  
  02700df4c79c715849b4ee7fcdbc48e1dee7d5b96131af3f627fac55619e094a687d1e50d4efdb55ab471085848e44caf2d3d50da988a5dc5abecbd7c0967eba
- SSDEEP
  
  192:HeTm/XkXoiMQDtYnLSwyaXW+Y4LImWqYcyWKYuZDWsY6YW/Y/jg:HGsUSQZYnLt7/YSdpYJ3YGDNY3yYLg
Score

3^/10

execution
behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/node-windows.js
- Size
  
  868B
- MD5
  
  4565992b5d8a07ea7c612ea5ff1f06bc
- SHA1
  
  04a4912fcdb6589efae070881334e1e9df26d714
- SHA256
  
  82aa752e03146ebd96b4877e3627f9d92fa83a775da58fcdd33a2511afad4bda
- SHA512
  
  7a56cf316564b094096998fc660baab59bbebf510a8a35f9dabc387a9e4be86498bb3cd124c9146863d1c47695ac3314aec0826051a81239d6d77d5ef6319b41
Score

3^/10

execution
behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/winsw.js
- Size
  
  6KB
- MD5
  
  5196dae4cd3833d734470477f9f33b25
- SHA1
  
  ca1cb961447f10c6689e01f6801dfcd064895254
- SHA256
  
  09e78f8af7c7b6a919361c7263839254791748635ac2de70a1628d9d392eb77a
- SHA512
  
  881f75e77f50fee53a4cbb0ac55b6151dcef70bf4d6e71999a61650840a3e7dc60e03dec46b75639ee35f06e9bb2560d3a4dec0a548df07bdebb2da9bdf8efcf
- SSDEEP
  
  192:DIqr0Vhmqgi+/uv3uIoBKcsgjAasUTrRNNLaiqHJLZ:D7rKgRmUpXNLSJLZ
Score

3^/10

execution
behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/node-windows/lib/wrapper.js
- Size
  
  6KB
- MD5
  
  1f31d43d9b0b43b27f635764eaec8a54
- SHA1
  
  f4031ec1d4ce88a007cf6ab20925802f9f47acde
- SHA256
  
  6b3dadd321ebab9468429b4b1a0883c3af246f9c61ee1e432498b53e03a7bcfc
- SHA512
  
  44bc836786683263a3d5a6b49b3f29d31c27489518538eba14bd44cc61679626cb8f8f07143fd214886ca9219b59f0787413d490ec0c7ca1dc7e9337e9c5dad1
- SSDEEP
  
  192:hrqq+Bqr+wtgHEbNMZBtkJK6qz1QnYd5ncYm26NgbGUEOw:h9pywiqMBtkJgZQn8lm22gbXTw
Score

3^/10

execution
behavioral19
- Target
  
  resources/components/example.exe
- Size
  
  2.5MB
- MD5
  
  c03ad67e3a0bc893e490652b81406eb0
- SHA1
  
  a1909c60eb62d4a9e09f1c10b5f07548e648d78e
- SHA256
  
  9b0d98105555ed83a704847002679478524a3d3c7020e9ce414c36a3468306e5
- SHA512
  
  1d5d97a38e9aea42a69c7799539354f1921ebe6f7c7e1ef40aa82b631378e8a5ce6ef2bacd20b7342134e1ab586502798d76e5927577f2d781d10d6e19357916
- SSDEEP
  
  49152:k1XTdAqs37Wrb/TcvO90d7HjmAFd4A64nsfJk9n6tQn9SgHziQm9SSynD1r7Yp9B:h37T9n6nDdN
Score

1^/10
behavioral20
- Target
  
  resources/components/modules/containers/client/Microsoft.CSharp.dll
- Size
  
  982KB
- MD5
  
  8e7612cc8019d952a93d9b777e71b802
- SHA1
  
  d973dfb790614e9a5e7c3ce8b421c085d11937ed
- SHA256
  
  df495f74456ad5ae30a5bac440b4d3808fa2d13c377cce1afc0146b8319ded6e
- SHA512
  
  3a818940d3c6f5da11bc86c974a54323ae2a1ad876613790ffe68aa5b674c54e5de0c133614236f45a89de86a5547cae4f8e6f2c97d7874221b2b1a285e14355
- SSDEEP
  
  24576:XUpXJ0Hy8Ext+9whtbSa0wHVu9yH1sCzwUD/zD:EpXiHyN++tbLzHVu9yHXPjH
Score

1^/10
behavioral21
- Target
  
  resources/components/modules/containers/client/Microsoft.DiaSymReader.Native.amd64.dll
- Size
  
  1.8MB
- MD5
  
  804b9539f7be4ece92993dc95c8486f5
- SHA1
  
  ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
- SHA256
  
  76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
- SHA512
  
  146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2
- SSDEEP
  
  24576:qz0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImgP:qYs9m3H5rjQn1CiAnZ3yV+oTZQEoTTH
Score

1^/10
behavioral22
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.DependencyInjection.Abstractions.dll
- Size
  
  62KB
- MD5
  
  38236f9c2408bda46c13efef364326fe
- SHA1
  
  03178026c200fd723bb75d08b9a4b70e93f6a45c
- SHA256
  
  a0106a638facae621f870eda720cb6c980c1d5d49c2f4351134e3fe043b9291b
- SHA512
  
  4abadae40a459be932359d6964c30e1e5fbef300736943bab42c1d66b5fa56c45ed10910acf6b36c302c8a40bc364df444220e2af8ff5854460c6a9542ff88b7
- SSDEEP
  
  1536:KCYbKF0XEQqb72cfdGWQAE389HD6dDCN6rzf:MUbQAKuj6dGNAj
Score

1^/10
behavioral23
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.DependencyInjection.dll
- Size
  
  90KB
- MD5
  
  7d40b6217fc409171015d905a22f8e85
- SHA1
  
  27a31ec52498d9db2b09707ef603860a80fdb2cc
- SHA256
  
  8d6e7b64cce554f0a0fbdb2ba80745895fa0b4e6cc378b9fedfe8ce86f0d8ae4
- SHA512
  
  e998ab21e2a7f4df84f33c5d7bcb6d04c11481633362f4988f3a22820aa1f84744f51503947492217668b9db39e651d13cab0ef09d804b961aea2434314a3d66
- SSDEEP
  
  1536:6sS1Tz5tF1bQWVsdJCKTvZEmwbyQMUiEVzz:3QH5tsWUvZEmNQMAVn
Score

1^/10
behavioral24
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.Logging.Abstractions.dll
- Size
  
  63KB
- MD5
  
  f48c45d592355ecc709677347e7f053d
- SHA1
  
  3e39ab7134f3ff4d1747e2fd46734826de4787e8
- SHA256
  
  29e6bfaf5ce079ad4d70dc547d966038992a7428df6e726084eb9010ec837715
- SHA512
  
  7f0a48988377a1dcb49b4a56a897c05f70ead34a08788ce8584be0c326b3debe56cb8e7225710aee5e676c02a0d1c4a51160056b98189abdaf2cfd9b4a61e4b2
- SSDEEP
  
  768:Uz7ouSrbVozuvi53ReiJd/zk6cuAJU/JJeUuvBtkJJQiH2hsm+YY/iDHji9zVN:vuoVozugRhTeU+AQ5+Ywi/+zVN
Score

1^/10
behavioral25
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.Logging.dll
- Size
  
  49KB
- MD5
  
  5d938dc7ea664a133622c549c75f34f9
- SHA1
  
  31be5da67b58f47282f4581a587bb39d9cbc17e7
- SHA256
  
  4330a5efe9d110afb7f8e567d5b43eee976e0f7f6802d13a211b65d747529179
- SHA512
  
  b38899246011715224c32ecb6ccb41c4fa338aa32a72c3ac20da8e1fda4a2237c5812b1ce6a4f327f2ebfd878f7a25cdf6c2ea60315fda8469d15e0dcbf5d57d
- SSDEEP
  
  768:SbyNvwqX2LvG84aSFWZNSYv6VmTygGPSikiw64yw64Ibdez7+Rs7XTfWDs/idaiy:nd2C9a2+EYYbgGB4ImYYWDMida+zET
Score

1^/10
behavioral26
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.Options.dll
- Size
  
  63KB
- MD5
  
  2f6f0c47136e38c0587d70b71d1b14fe
- SHA1
  
  67bb0af9a1ad1b273d3c2d7be753ddf4656fe38e
- SHA256
  
  5f9b0e589f1ce9ca656588cd92cc0bd53803fdfad258fb2916aaa14aedce682c
- SHA512
  
  2e15cb0f2f9934ac849c965b663f25b6fb15c4ce3bf674b693e481b92679e48af5f4013afda69595f0e3308803632578579bd45e01ca54037949c9f42b94367e
- SSDEEP
  
  1536:GahqHoZX+NmzYUGrCUidKHPhwMEyBoXeMi0zy:GYXfFGrCLQvhwME1XewO
Score

1^/10
behavioral27
- Target
  
  resources/components/modules/containers/client/Microsoft.Extensions.Primitives.dll
- Size
  
  42KB
- MD5
  
  f45226e320f41097397b1ba7468c2d1c
- SHA1
  
  1181845c7d16ac4c525eec67ec3a6dcfaa78a433
- SHA256
  
  446ff16e903e7479558816e213a3adee9a1c1adad65a56d853801b10933e29d7
- SHA512
  
  417466f57fa8c6d942be5d86b14da5915d507dfbd7aa8d2700b4dd79a9668897a6a6abaab225be45076bdb8d86ccf4777bb3c699b4002a081e4407604f4e2f87
- SSDEEP
  
  768:CKEGbmbB0QERF7v6EtkKS+1ke97a1O33ttBOP7yW5yfyqTuia+15OFyx/iCL9zRv:CpGe0QERFhkKSM7ag33ttBOP7yVfHTuu
Score

1^/10
behavioral28
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral29
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral30
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral31
- Target
  
  Uninstall RBXIDLE.exe
- Size
  
  141KB
- MD5
  
  8f118a803d0e0a3c371f7f07a20aea4d
- SHA1
  
  0c75940c1fdd173b42d57ebad53c0f96dc91e98a
- SHA256
  
  37d5e0c4ba5262b89ab1b882578261dd7a9f40a4af55218470ec2042e7dc222a
- SHA512
  
  c01149a41f1f1a9f6419c3952f0c559162816fbd5b85d7a86f50274c4e23fba3223b52aa18efff788b51d841cd812b4d948d308df5d9c261481d4db9146db2d3
- SSDEEP
  
  3072:QuO9CtrA8AxmQYTyYzu3CaTXbOaH2tvhOEA1RJCir86SrSrvrIa3E:rO94ruMQfuu3CCXbOs2t0EyL+taU
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral32