rokrat | 53ea99f463412c04f4e1f8116c6b7b76132f44600511e36b702855c1dfefcb98 | Triage

Submit
Reports

Overview

overview

Static

static

1

mal.lnk

windows7-x64

mal.lnk

windows10-2004-x64

Sharing

General

Target

53ea99f463412c04f4e1f8116c6b7b76132f44600511e36b702855c1dfefcb98.7z
Size

4.5MB
Sample

240226-fl7yksdd67
MD5

05a891e290ee4c789de8a8f51321489e
SHA1

0eda89ce30f45f77eecc967ed71128bbb4666c37
SHA256

53ea99f463412c04f4e1f8116c6b7b76132f44600511e36b702855c1dfefcb98
SHA512

e8f3ab93b746823ec226a45e047770d10dac91713a5a2a33c6fc8dba75922b4ff81afe13bf0e6e60eb780c5bf23662c2e0f833add92c3610a2daebe5aabbfb55
SSDEEP

12288:SIE7vcNfu6Unvjb71lewzSxk5iDTHxeZhtkzYLLXUHZEXGKD:SIEYNW6Uvjv64H5iPAZMULbAZEXxD

Score

10^/10

rokrat rat

Static task

static1

Behavioral task

behavioral1

Sample

mal.lnk

Resource

win7-20240221-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

mal.lnk

Resource

win10v2004-20240221-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  mal.lnk
- Size
  
  221.4MB
- MD5
  
  5f6682ad9da4590cba106e2f1a8cbe26
- SHA1
  
  7043c7c101532df47c832ce5270745dd3d1e8c08
- SHA256
  
  dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6
- SHA512
  
  e744d1b0cf232c4cf224cd1413b13e41889692e2d1f29e948fe8d4a5cb1304bca9a7b5de9c34db98c8eb7440761d5233bc5ac6a4fe75de2d4009a06f318c1d35
- SSDEEP
  
  24576:P0sde6UvoEkUnigRXTTYdy830QtO0oIJjW7sFAc1Mh5l2yf:Mz6UvRXigjbaJa7f2yf
Score

10^/10

rokrat rat
- Detect Rokrat payload
- Rokrat
  Rokrat is a remote access trojan written in c++.
  rat rokrat
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy