Overview

overview

7

Static

static

3

update/Rob...ot.exe

windows7-x64

7

update/Rob...ot.exe

windows10-2004-x64

7

update/keybinds.py

windows7-x64

3

update/keybinds.py

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    update.rar

  • Size

    64.8MB

  • Sample

    240701-m4s1ps1cnq

  • MD5

    37ab78fec932a0cf29faaeec4afdf2f1

  • SHA1

    170b01faf2f5cc047442c90bb12c1b6321610e8a

  • SHA256

    02b560fa9997e5d67b4ae6a2e9d34e45243698dda71f3339b58e0a45045efbc4

  • SHA512

    8470584fb1031f972f37658d4d5374f089d210c0f29c0a6d9ae3fe05c39a373bc845fe676259c10f44d0f35f1a1b2ff583a227e3dc8945d45c72ad107027fbee

  • SSDEEP

    1572864:2eGqIPISpKGlUoo2U24gr65cOIo6PLhE+ocVu7iWOg9UQ5Pwl:2eGJPNpKGbw2965cFlPocVEzZ5U

Score
7/10
pyinstaller

Malware Config

Targets

    • Target

      update/Roblox Colorbot.exe

    • Size

      65.4MB

    • MD5

      fdffb873ef945f515c711283c304bed4

    • SHA1

      1ac50757d8214644a406a481772f524c4d6dcf9e

    • SHA256

      5cad59aece042dc464a1fcaead3e4d421e9bdaef58c161d6ab3f3861419baf23

    • SHA512

      f6f24f23e3202707d6657f28f29796f79d2cb626aa381b31d833553679d0cf8f22d7d6e9edd2d3dbbf1dfeddbed0a9035c564a51de059a189233122252cff1a9

    • SSDEEP

      1572864:ipQ8daQ9wFP/V4f6Gj53ikjt4jRq2GqFOPV5Zi22qHWB75iUHS7WOQGWWH:mWft/VG6RmtCRlGPrl2qHO5iloGWW

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      update/keybinds.py

    • Size

      4KB

    • MD5

      ba6b93f22777b6c4794bb439cd839362

    • SHA1

      7a02b68c839c53daff04255ee92db415e9034c66

    • SHA256

      bc9548e307afd456096da0291bde060f01f2684794ed4c4af8449341dc02ee6d

    • SHA512

      7cd85465675025e30c35e0d8b850891a31b23114bfa4fb3b75a5ee6d405916de299f92c9d22fbad67dfd5e7aea45545d64b685f7e0824e4b84839e010e7d510b

    • SSDEEP

      96:1H2Jjn5GF6TediIwgzMZs9G/OK70JRxGXpsdqBZIWBFB:sjCNVwg4Zs9xJemqBeWzB

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks