Resubmissions

18/02/2024, 08:03

240218-jxt3msgb53 10

18/02/2024, 08:00

240218-jwdn9sgb45 10

General

  • Target

    RCO.exe

  • Size

    224KB

  • Sample

    240218-jxt3msgb53

  • MD5

    0e0d953a913ece5f75334a3b4cf10e60

  • SHA1

    669855b30d0a743b8845f0fd21beb3ce3bfab096

  • SHA256

    1d75322446c9594ca5924176a2006c241f89c10e1cbcf60c1c21b305e210100f

  • SHA512

    a04e15e00aeb516d0973979fa0bd076e27a0b74aa94234608b009571d7d560aadbf116808812a171efc9c309f0a1d34e6b5ec232d9ef7e9f796ed96c5b61ddc3

  • SSDEEP

    6144:5BlkZvaF4NTBXR7zzALBp7VMfct/hSKUKq438eaUhjCZryZ:5oSWNT9tzALPtt/Bj38e+rI

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://raw.githubusercontent.com/o5u3/Roblox-Client-Optimizer/version/latestversion

Targets

    • Target

      RCO.exe

    Score
    10/10
    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
