Rozena Malware Sample Download

Posted Under: Backdoor, Download Fileless Malware Samples, Download Free Malware Samples , EXE, Malware, PowerShell on Jul 4, 2018

Rozena belongs to a growing family of file less malware. Its executable is disguised with Microsoft Office Word Document's icon that lure its victim to open it.

Rozena Malware Disguise as Word Document

Rozena Malware Disguise as Word Document

Upon execution, it creates a file in Windows Temporary folder with a filename Hi6kI7hcxZwUI. From where it will spawn a PowerShell script via command line. Then it contact its command and control server's IP, 18.231.121.185:443, in Brazil, which is hard coded in the PowerShell script. Rozena Signatures are as follows.

MD5: ee190bb454105ad2b21c037166739be1
SHA1: 3d53530069318eda41be9f76881dbdfb4b22b8e3
SHA256: c23d6700e93903d05079ca1ea4c1e36151cdba4c5518750dc604829c0d7b80a7
SSDEEP: 6144:4+f/R+tx4U9F1EWONas5t38dX6p4098E43U7kpjPcnFOHuln+Otc+EkzI8jSejCd:QKmFWR5nlvFzuExQdbs/5OuOO1RU

Rozena Sample Download

        Click to Load Comments
    

		PowerPepper Malware Sample Download PowerPepper is a Windows in-memory PowerShell backdoor that can execu...
		OilRig BONDUPDATER Malware Sample OilRig a threat actor actively know from 2016, now uses a new threat ...
		PowerPool Malware Sample PowerPool malware exploits a 0-day vulnerability in Microsoft Windows...
		BPFDoor Linux Backdoor BPFDoor is a highly evasive surveillance tool using the Berkeley Packe...
		B1txor20 Linux Botnet B1txor20 is assembling its army of bot on Linux machines. It is explo...
		Bvp47 Equation Group Backdoor BVP47 is a NSA backed Tailored Access oprations (TAO) backdoor. It is...
		linux_avp Malware Download Hacker skim sensitive information from e-commerce website by deploying...
		IPsec Helper Backdoor Download IPsec Helper is a backdoor implant used by Agrius APT. Agrius is attri...

Rozena Malware Sample Download

Rozena Sample Download

Subscribe YouTube

Related Posts