General

  • Target

    acf4085b2fa977fc1350f0ddc2710502.bin

  • Size

    914KB

  • Sample

    240224-dpdsssfd82

  • MD5

    f14ae940f8a0b4bfd0c84629d5229205

  • SHA1

    47233b5f209e623ad9579073a43485a1ffb0a30d

  • SHA256

    bceb013154ba92f1382a84adbc987f362db9d3e6f88ef31adc7918a9b6e88c2f

  • SHA512

    c797c5c61bb54333725b865a98f57d884a6c106f5e7fbbf00f83aa2a66b0126d01d5f42e16e9ac19da1b5a4149c0b3d2ed3be85d265200a6d25c98b3e0057d06

  • SSDEEP

    24576:+96mNaEeKElmvNgdptY+iay3Yp6Rn8Lj1VQ4KmRXqvLCZgdL:62zXlmvN07iay3YQRn8n164KmtRgdL

Score
10/10

Malware Config

Targets

    • Target

      cbc777d1e018832790482e6fd82ab186ac02036c231f10064b14ff1d81832f13.lnk

    • Size

      52.0MB

    • MD5

      acf4085b2fa977fc1350f0ddc2710502

    • SHA1

      7155d89bae9acd67f5d8cdf651b73ee6b54262c3

    • SHA256

      cbc777d1e018832790482e6fd82ab186ac02036c231f10064b14ff1d81832f13

    • SHA512

      4aa010f680485f0241cbaff77d3a21509e2f73c4fdfe1940aa63f46949fcb39404e4a2c543c465098806b7059fab234de48fe9996ba1edd9c4a9b7b6ca1dbe70

    • SSDEEP

      24576:0Zthnqtka+Dj8bI6c94TuDjoZgRXTTYdy830QtO0oIJjW7sFAc1Mh5D2y8:U9OQj85c91wZgjbaJa7d2y8

    Score
    10/10

    • Detect Rokrat payload

    • Rokrat

      Rokrat is a remote access trojan written in C++.

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks