General

  • Target

    RCO.exe

  • Size

    222KB

  • Sample

    240602-rkscaaed9t

  • MD5

    50f1747ff799c7570724b8b8f7067edd

  • SHA1

    a2184575ca32414f5befc2fb144f04bf8489c10f

  • SHA256

    93f24a17c16b1e18b9e7945c9977300409a397ad3e85dc240bc339f8e9c63673

  • SHA512

    98972b222f3f00ee6220870dc8b81e89cb3e07a951e040c775b056db332b827127ebde495cb90adb4341f2c1296308c6cd05a0e65abc334f0340143ba0d9b4ad

  • SSDEEP

    6144:FBlkZvaF4NTBma7zzALBp7VMfct/hSKUKq438eskP:FoSWNTskzALPtt/Bj38eN

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://raw.githubusercontent.com/o5u3/Roblox-Client-Optimizer/version/latestversion

Targets

    • Target

      RCO.exe

    Score
    10/10
    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
