rokrat | dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6 | Triage

Submit
Reports

Overview

overview

Static

static

1

(안보칼...��.lnk

windows7-x64

(안보칼...��.lnk

windows10-2004-x64

7

Sharing

General

Target

(안보칼럼) 반국가세력에 안보기관이 무기력해서는 안된다
Size

221.4MB
Sample

240222-ew441abe2x
MD5

5f6682ad9da4590cba106e2f1a8cbe26
SHA1

7043c7c101532df47c832ce5270745dd3d1e8c08
SHA256

dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6
SHA512

e744d1b0cf232c4cf224cd1413b13e41889692e2d1f29e948fe8d4a5cb1304bca9a7b5de9c34db98c8eb7440761d5233bc5ac6a4fe75de2d4009a06f318c1d35
SSDEEP

24576:P0sde6UvoEkUnigRXTTYdy830QtO0oIJjW7sFAc1Mh5l2yf:Mz6UvRXigjbaJa7f2yf

Score

10^/10

rokrat rat

Static task

static1

Behavioral task

behavioral1

Sample

(안보칼럼) 반국가세력에 안보기관이 무기력해서는 안된다.lnk

Resource

win7-20240221-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

(안보칼럼) 반국가세력에 안보기관이 무기력해서는 안된다.lnk

Resource

win10v2004-20240221-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  (안보칼럼) 반국가세력에 안보기관이 무기력해서는 안된다
- Size
  
  221.4MB
- MD5
  
  5f6682ad9da4590cba106e2f1a8cbe26
- SHA1
  
  7043c7c101532df47c832ce5270745dd3d1e8c08
- SHA256
  
  dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6
- SHA512
  
  e744d1b0cf232c4cf224cd1413b13e41889692e2d1f29e948fe8d4a5cb1304bca9a7b5de9c34db98c8eb7440761d5233bc5ac6a4fe75de2d4009a06f318c1d35
- SSDEEP
  
  24576:P0sde6UvoEkUnigRXTTYdy830QtO0oIJjW7sFAc1Mh5l2yf:Mz6UvRXigjbaJa7f2yf
Score

10^/10

rokrat rat
- Detect Rokrat payload
- Rokrat
  Rokrat is a remote access trojan written in c++.
  rat rokrat
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy