MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ROKRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8
SHA3-384 hash: 4435e23f1b4b812a9ff7b2e2e0915df68d82523424017a88823bc5012570fd6540651ddaba8025b386c9f7e1e8c0b611
SHA1 hash: 21b25271deb8075cd7e5cd2adec4c02b78890bea
MD5 hash: 7fcda694bbd3640d7fe1cbdf4ef3751d
humanhash: ink-vermont-robin-zebra
File name:제20대_대통령선거_선거권자_개표참관인_공개_모집(최종).hwp
Download: download sample
Signature ROKRAT
Create hunting rule
File size:10'542 bytes
First seen:2024-03-02 13:29:31 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/x-msdos-batch
ssdeep 192:aiXfUWGX6ij5oLygB79ygB3yZgwiXfUWGX6ij5oLygB79ygB3yZgp:acUwClgSgwZjcUwClgSgwZA
TLSH T17222FEE4A1BED6814B7264847E1CA3CB2A263362C3903E78FA15CD1477C1F75B66C49E
Reporter smica83
Tags:APT37 ps1 RokRat

Intelligence

File Origin
# of uploads :
1
# of downloads :
266
Origin country :
HU HU
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PowerShell.Agent.tg.793.15261.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Labled as:
Trojan.PowerShell.Agent
Link:
https://www.hybrid-analysis.com/sample/5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1401899
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1401899 Sample: 885).hwp.ps1 Startdate: 02/03/2024 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 powershell.exe 11 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Score:
13%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-08-15 16:50:55 UTC
File Type:
Text (Batch)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7wg4uz7xf2btf2tbi6uhnqo4rhc43oa7vcd54jvxhjrdnz5skua._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/240302-tcrrwsef8y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
RokRAT
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.0x0v1.com/rearchive-rokrat-hwp/

Comments