General
-
Target
Borat.rar
-
Size
9.6MB
-
Sample
240629-2gkhdayald
-
MD5
e3b10d235c365ac49d6855df0432bb76
-
SHA1
4ce182c19796cf8d4c017fdd8fd4b390de1eac7e
-
SHA256
53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
-
SHA512
bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704
-
SSDEEP
196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G
Behavioral task
behavioral1
Sample
Borat.rar
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Borat.rar
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Borat/BoratRat.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
Borat/BoratRat.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Borat.rar
-
Size
9.6MB
-
MD5
e3b10d235c365ac49d6855df0432bb76
-
SHA1
4ce182c19796cf8d4c017fdd8fd4b390de1eac7e
-
SHA256
53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
-
SHA512
bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704
-
SSDEEP
196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G
Score3/10 -
-
-
Target
Borat/BoratRat.exe
-
Size
20.0MB
-
MD5
65b694d69d327efe28fcbce125401e96
-
SHA1
049d4d71742b99a598c074458f1f2d5b0119e912
-
SHA256
de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab
-
SHA512
7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b
-
SSDEEP
393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Renames multiple (6372) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1