Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

rCoA.js

windows7-x64

10

rCoA.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rCoA.js

  • Size

    84KB

  • Sample

    230316-h2banabh7w

  • MD5

    9f9c96d904107988f9228890f0ca30d5

  • SHA1

    16f7c265d11ea75cb62345555c51073526a6c762

  • SHA256

    aaae46d614933d1f6d932e3ec9b76902ab2d5788a41e7e97858aa637b86f5233

  • SHA512

    cec6f9e4eec258f2f988afeaa0a4ce7a9fdd7d1d3839fa23e318f17374e784fb3d9958807a9ae24781af90fa1ab414390c59061a18f88c6c9af22d6c24073734

  • SSDEEP

    1536:g43+92oVhnGoW/bLBiVuuCHGHHfYLS0dwPphjiG5yE:TOrnn2P8V6mf65ds3P

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://dimoparkhogar.com/7VQuf/1
exe.dropper

https://fondationjoelkrasso.org/rjzgP6/1
exe.dropper

https://lamired.com/8FIz2P/1
exe.dropper

https://kotogadang-pusako.com/MweGD/1
exe.dropper

https://laposadadeugartearequipa.com/NARKhE/1
exe.dropper

https://earnforpak.com/CzIUp/1
exe.dropper

https://cocovedaglobal.com/XBtcjkQ/1
exe.dropper

https://accesstelematics.com/Ulo3MpM/1

Targets

    • Target

      rCoA.js

    • Size

      84KB

    • MD5

      9f9c96d904107988f9228890f0ca30d5

    • SHA1

      16f7c265d11ea75cb62345555c51073526a6c762

    • SHA256

      aaae46d614933d1f6d932e3ec9b76902ab2d5788a41e7e97858aa637b86f5233

    • SHA512

      cec6f9e4eec258f2f988afeaa0a4ce7a9fdd7d1d3839fa23e318f17374e784fb3d9958807a9ae24781af90fa1ab414390c59061a18f88c6c9af22d6c24073734

    • SSDEEP

      1536:g43+92oVhnGoW/bLBiVuuCHGHHfYLS0dwPphjiG5yE:TOrnn2P8V6mf65ds3P

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks