Resubmissions
02-07-2024 22:50
240702-2sljtayapr 602-07-2024 21:03
240702-zv7tqaygqe 601-07-2024 21:08
240701-zyw7dstdmj 628-06-2024 21:21
240628-z7jmnasdmd 1028-06-2024 21:19
240628-z6e8vasdke 428-06-2024 21:18
240628-z5zwvssdka 128-06-2024 21:16
240628-z4fftsvfrq 428-06-2024 21:11
240628-z1wnmssckh 128-06-2024 21:07
240628-zyemcavenr 6General
-
Target
RobloxStudioInstaller (2).exe
-
Size
4.5MB
-
Sample
240628-st3p2sybnk
-
MD5
34b2fd7c0a35ee46a8fc3a38ac18d489
-
SHA1
f0b1446847d05f8a28c98f1d0204d632644f5721
-
SHA256
7d30dad6bc7c79e0ee043bdc8dfd2b64d8b1ea19687b332683ed57bb55331118
-
SHA512
2d126018df5c0bdbf9e6906431a3fe988593080d6ce3077e7d7f85f564ad24f4c1a081bc0709900623604c76ed1f6037bf8f670e0334d2b0b146eea13196ffbb
-
SSDEEP
98304:n5vhdKHivtGeJKrsS3wA6RgN0VbTbcXC8I42nSbhh/A:1hSivEStS3ogN26InS4
Static task
static1
Behavioral task
behavioral1
Sample
RobloxStudioInstaller (2).exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
RobloxStudioInstaller (2).exe
-
Size
4.5MB
-
MD5
34b2fd7c0a35ee46a8fc3a38ac18d489
-
SHA1
f0b1446847d05f8a28c98f1d0204d632644f5721
-
SHA256
7d30dad6bc7c79e0ee043bdc8dfd2b64d8b1ea19687b332683ed57bb55331118
-
SHA512
2d126018df5c0bdbf9e6906431a3fe988593080d6ce3077e7d7f85f564ad24f4c1a081bc0709900623604c76ed1f6037bf8f670e0334d2b0b146eea13196ffbb
-
SSDEEP
98304:n5vhdKHivtGeJKrsS3wA6RgN0VbTbcXC8I42nSbhh/A:1hSivEStS3ogN26InS4
-
Adds Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Browser Extensions
1