Rozena Malware Sample Download

Rozena belongs to a growing family of file less malware. Its executable is disguised with Microsoft Office Word Document's icon that lure its victim to open it.

Rozena Malware Disguise as Word Document

Upon execution, it creates a file in Windows Temporary folder with a filename Hi6kI7hcxZwUI. From where it will spawn a PowerShell script via command line. Then it contact its command and control server's IP,, in Brazil, which is hard coded in the PowerShell script. Rozena Signatures are as follows.
MD5: ee190bb454105ad2b21c037166739be1
SHA1: 3d53530069318eda41be9f76881dbdfb4b22b8e3
SHA256: c23d6700e93903d05079ca1ea4c1e36151cdba4c5518750dc604829c0d7b80a7
SSDEEP: 6144:4+f/R+tx4U9F1EWONas5t38dX6p4098E43U7kpjPcnFOHuln+Otc+EkzI8jSejCd:QKmFWR5nlvFzuExQdbs/5OuOO1RU

Rozena Sample Download

Download Rozena Malware Sample
© Tutorial Jinni