Overview

overview

10

Static

static

1

RCO-Installer.cmd

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    RCO-Installer.cmd

  • Size

    1KB

  • Sample

    230806-xj9g3add2t

  • MD5

    208e15d5012517de5fb1892510e46880

  • SHA1

    c3040ac466d3b60792d507269c40b664fdbc94aa

  • SHA256

    5d19ce5ef6a3d619f6f3812424880c9e47609ac244161d1ead7398b2166381f2

  • SHA512

    397926ece7c4969d615f639bedec4f6171bbd3e41bd313b0ff0ac2bb5d44948995a9026830a993e41fad1028b9046bafc267193c99810cd0406be49f03a408f6

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://roblox-client-optimizer.simulhost.com/ClientAppSettings.json

Targets

    • Target

      RCO-Installer.cmd

    • Size

      1KB

    • MD5

      208e15d5012517de5fb1892510e46880

    • SHA1

      c3040ac466d3b60792d507269c40b664fdbc94aa

    • SHA256

      5d19ce5ef6a3d619f6f3812424880c9e47609ac244161d1ead7398b2166381f2

    • SHA512

      397926ece7c4969d615f639bedec4f6171bbd3e41bd313b0ff0ac2bb5d44948995a9026830a993e41fad1028b9046bafc267193c99810cd0406be49f03a408f6

    Score
    10/10

    • Blocklisted process makes network request

    behavioral1

MITRE ATT&CK Matrix

Tasks