Analysis
-
max time kernel
147s -
max time network
136s -
platform
windows10-1703_x64 -
resource
win10-20231215-en -
resource tags
arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system -
submitted
24/12/2023, 02:05 UTC
Behavioral task
behavioral1
Sample
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
Resource
win10-20231215-en
Behavioral task
behavioral3
Sample
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
Resource
win11-20231215-en
General
-
Target
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
-
Size
20.7MB
-
MD5
ddab2fe165c9c02281780f38f04a614e
-
SHA1
2a5ad37e94037a4fc39ce7ba2d66ed8a424383e4
-
SHA256
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e
-
SHA512
2ed2fae0cf40365710b237def0762c2afe5f7a7ee67d7a5ebcf2edf35e65dcfa761bf9a8557fa4fbe57f17a54043f700e7131fb170afdba37bc255d163f6b74f
-
SSDEEP
393216:STs66TCP+Zw6NLIsFfskh1BmXGN1Bd++ufV:Es66TCP+Zlnk0rmYBYF
Malware Config
Signatures
-
BoratRAT 3 IoCs
BoratRAT is an all-in-one malware toolkit that is capable of a variety of destructive activities, including acting as a ransomware, and performing credential theft.
resource yara_rule behavioral2/memory/2360-0-0x0000000000400000-0x00000000018A2000-memory.dmp family_boratrat behavioral2/memory/2360-2-0x0000000000400000-0x000000000185A000-memory.dmp family_boratrat behavioral2/memory/2360-9-0x0000000000400000-0x00000000018A2000-memory.dmp family_boratrat -
Async RAT payload 3 IoCs
resource yara_rule behavioral2/memory/2360-0-0x0000000000400000-0x00000000018A2000-memory.dmp asyncrat behavioral2/memory/2360-2-0x0000000000400000-0x000000000185A000-memory.dmp asyncrat behavioral2/memory/2360-9-0x0000000000400000-0x00000000018A2000-memory.dmp asyncrat
Processes
Network
-
Remote address:8.8.8.8:53Request178.223.142.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request114.110.16.96.in-addr.arpaIN PTRResponse114.110.16.96.in-addr.arpaIN PTRa96-16-110-114deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request5.173.189.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request180.178.17.96.in-addr.arpaIN PTRResponse180.178.17.96.in-addr.arpaIN PTRa96-17-178-180deploystaticakamaitechnologiescom
-
73 B 147 B 1 1
DNS Request
178.223.142.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
114.110.16.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
180.178.17.96.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
5.173.189.20.in-addr.arpa