rokrat | bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3 | Triage

Submit
Reports

Overview

overview

Static

static

1

bb83597cdf...b3.lnk

windows7-x64

6

bb83597cdf...b3.lnk

windows10-2004-x64

Sharing

General

Target

bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3
Size

51.4MB
Sample

241114-k5jsbawgnd
MD5

5b44285747891464c496aa477e450f10
SHA1

73417ded382af2e0f3fca04d8d07679af134038b
SHA256

bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3
SHA512

6855cc7f80972bd9ec0b138220636aca9b4e24e5a2d5663cf5147ee154b0d28a08facbbb44dcb336eefce7fccc6296d0644ed3a2e1b81f2cc0de8a616fccafe6
SSDEEP

12288:TbjNtn78DnM5CnYFE/oS2P5NdhuKp5AyE9KpNwZ66T9Nzk:TNto2i/J2P5ThuM5XE9aNwZs

Score

10^/10

rokrat defense_evasion discovery execution rat

Static task

static1

Behavioral task

behavioral1

Sample

bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3.lnk

Resource

win7-20240729-en

defense_evasion discovery execution

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3.lnk

Resource

win10v2004-20241007-en

rokrat defense_evasion discovery execution rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3
- Size
  
  51.4MB
- MD5
  
  5b44285747891464c496aa477e450f10
- SHA1
  
  73417ded382af2e0f3fca04d8d07679af134038b
- SHA256
  
  bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3
- SHA512
  
  6855cc7f80972bd9ec0b138220636aca9b4e24e5a2d5663cf5147ee154b0d28a08facbbb44dcb336eefce7fccc6296d0644ed3a2e1b81f2cc0de8a616fccafe6
- SSDEEP
  
  12288:TbjNtn78DnM5CnYFE/oS2P5NdhuKp5AyE9KpNwZ66T9Nzk:TNto2i/J2P5ThuM5XE9aNwZs
Score

10^/10

defense_evasion discovery execution rokrat rat
- Detect Rokrat payload
- Rokrat
  Rokrat is a remote access trojan written in c++.
  rat rokrat
- Rokrat family
  rokrat
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

behavioral2

rokratdefense_evasiondiscoveryexecutionrat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.