Resubmissions

30-06-2024 01:18

240630-bn62va1erg 10

29-06-2024 22:53

240629-2t7tfaydje 10

29-06-2024 22:33

240629-2gkhdayald 10

General

  • Target

    Borat.rar

  • Size

    9.6MB

  • Sample

    240629-2gkhdayald

  • MD5

    e3b10d235c365ac49d6855df0432bb76

  • SHA1

    4ce182c19796cf8d4c017fdd8fd4b390de1eac7e

  • SHA256

    53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

  • SHA512

    bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704

  • SSDEEP

    196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G

Malware Config

Targets

    • Target

      Borat.rar

    Score
    3/10
    • Target

      Borat/BoratRat.exe

    • Size

      20.0MB

    • MD5

      65b694d69d327efe28fcbce125401e96

    • SHA1

      049d4d71742b99a598c074458f1f2d5b0119e912

    • SHA256

      de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab

    • SHA512

      7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b

    • SSDEEP

      393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Renames multiple (6372) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15