asyncrat | 53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

Analysis

max time kernel
260s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Borat.rar
Size

9.6MB
MD5

e3b10d235c365ac49d6855df0432bb76
SHA1

4ce182c19796cf8d4c017fdd8fd4b390de1eac7e
SHA256

53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
SHA512

bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704
SSDEEP

196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Executes dropped EXE 4 IoCs

pid	Process
2748	BoratRat.exe
404	Client.exe
4896	BoratRat.exe
2276	Client.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = 00000000ffffffff	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\MRUListEx = ffffffff	BoratRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0 = 500031000000000045552d231000426f726174003c0009000400efbedd58a9a3dd58a9a32e000000f23302000000070000000000000000000000000000009aad050142006f00720061007400000014000000	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	BoratRat.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	BoratRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 = 5000310000000000dd58a9a31000426f726174003c0009000400efbedd58a9a3dd58a9a32e000000f133020000000700000000000000000000000000000012c21e0142006f00720061007400000014000000	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	BoratRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	BoratRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e00310000000000dd58a9a311004465736b746f7000680009000400efbea8582d61dd58a9a32e00000078e101000000010000000000000000003e000000000012c21e014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\NodeSlot = "11"	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BoratRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BoratRat.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
2748	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3404	OpenWith.exe
2748	BoratRat.exe
4896	BoratRat.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	4820	7zG.exe
Token: 35	4820	7zG.exe
Token: SeSecurityPrivilege	4820	7zG.exe
Token: SeSecurityPrivilege	4820	7zG.exe
Token: SeDebugPrivilege	2748	BoratRat.exe
Token: SeDebugPrivilege	404	Client.exe
Token: SeDebugPrivilege	4896	BoratRat.exe
Token: SeDebugPrivilege	2276	Client.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4820	7zG.exe
2748	BoratRat.exe
2748	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2748	BoratRat.exe
2748	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe
4896	BoratRat.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
3404	OpenWith.exe
2748	BoratRat.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar
1⤵
- Modifies registry class
PID:4272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3304

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Borat\" -ad -an -ai#7zMap306:68:7zEvent903
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4820

C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe
"C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:220

C:\Users\Admin\Desktop\Borat\Borat\Client.exe
"C:\Users\Admin\Desktop\Borat\Borat\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:404

C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe
"C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4896

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2988

C:\Users\Admin\Desktop\Borat\Borat\Client.exe
"C:\Users\Admin\Desktop\Borat\Borat\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BoratRat.exe.log

Filesize
1KB

MD5
a1c1a009d32b0fbd4d962a8853766e2e

SHA1
4f60f6bc103e6d2e17eb23d2d9213c23d39e1474

SHA256
1a4c72a376fb49c27b4ae45efe5450e87767cfb339556e12777afa2669c329b2

SHA512
ebeb4dc2222b8a9f55e90701d4a80c8aefb43a53b4cee531a85e7e7a23e4c62123a1f20aadff0796e182918ff2073509afda7f47966655316ebe2b0c87471c41

Download Submit
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_w0en52dl030nftthqfvkkh0ok4obzuv5\1.0.7.0\user.config

Filesize
580B

MD5
acb6df8bd0fe9236ea87ea6e3c28173f

SHA1
8b1d88bd749b58905c6db258e7224a67d1179938

SHA256
ec2b3fc4d011e9b8a04188d8f2ff280de854dde7d6ebf8e871e0642f789dfa5b

SHA512
a4222c0f5aeba58679c21361dcb6ab2c7ed1d9cae41d2839089fdb7bbaac3b8735afff8b302557f85389daa977b826cee77b944ba598e3fa6c2a16781453a832

Download Submit
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_w0en52dl030nftthqfvkkh0ok4obzuv5\1.0.7.0\user.config

Filesize
309B

MD5
0c6e4f57ebaba0cc4acfc8bb65c589f8

SHA1
8c021c2371b87f2570d226b419c64c3102b8d434

SHA256
a9539ba4eae9035b2ff715f0e755aa772b499d72ccab23af2bf5a2dc2bcfa41c

SHA512
c6b877ff887d029e29bf35f53006b8c84704f73b74c616bf97696d06c6ef237dff85269bdf8dfb432457b031dd52410e2b883fd86c3f54b09f0a072a689a08c0

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe

Filesize
20.0MB

MD5
65b694d69d327efe28fcbce125401e96

SHA1
049d4d71742b99a598c074458f1f2d5b0119e912

SHA256
de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab

SHA512
7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\BoratRat.exe.config

Filesize
5KB

MD5
3e645ccca1c44a00210924a3b0780955

SHA1
5d8e8115489ac505c1d10fdd64e494e512dba793

SHA256
f29e697efd7c5ecb928c0310ea832325bf6518786c8e1585e1b85cdc8701602f

SHA512
ea7e3a6e476345870f05124a56dde266e1ad04b557b2dde83c5674cfdf3be00f26d3db6a14a8d88ecf75e2c9e3a12e6955f6c85654ba967c17664e9acc3d4f1f

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\Client.exe

Filesize
56KB

MD5
a5f63108669956c2e6dbf61e30eb3e19

SHA1
965d6a02ab6d4ad5b50616a604f05970e6d953f5

SHA256
d9c93200870fe1da7af28a95b6aced972320193d2dbf5e0179b713581120ce55

SHA512
2dc8a3fe5fb82f81d7888334871e65c80863bf84bb42b777cb756a37a1ce448bc877a97b3f3e6aff3be2e1f94233d1398a1eaf2dcbb63c51c94e0d3a1b16efc5

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\ServerCertificate.p12

Filesize
1KB

MD5
478ee44a47895e687296b9ab34df04c4

SHA1
4b81e94f3d3a99cc01d5c57bd5bec8317f0aca4f

SHA256
4b0612b2cd5e7ecc456d5c29c89917b8ec881c5f4fd94afe157098ca96308781

SHA512
28c0635f1e5062fcdef783aceaa8aa53531f18ce66d4aed62a99ec5b31a364e0d0d36fa237d978d75f51a859a7140d31e62aed340eae4aa769e02d1640e30c7b

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Audio.dll

Filesize
23KB

MD5
9726d7fe49c8ba43845ad8e5e2802bb8

SHA1
8bcdf790826a2ac7adfc1e8b214e8de43e086b97

SHA256
df31a70ceb0c481646eeaf94189242200fafd3df92f8b3ec97c0d0670f0e2259

SHA512
f97bc1e2ecbbc979d0eea3559c2da0982e4617eb217603224263ef825b8d98b3c52392eeef41888e6295fb60d362f9521e2f2bdaccc762c4591565f9e6248658

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Discord.dll

Filesize
24KB

MD5
7ee673594bbb20f65448aab05f1361d0

SHA1
2a29736882439ef4c9088913e7905c0408cb2443

SHA256
8fa7634b7dca1a451cf8940429be6ad2440821ed04d5d70b6e727e5968e0b5f6

SHA512
f5d8457279a5c0684c075eae2d3de62b672303520a1c725b4f97787961e6043c73ca68d4353e5d4168a427104be65b74a9c92a87419348e92d772368e94fab7c

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Extra.dll

Filesize
31KB

MD5
62c231bafa469ab04f090fcb4475d360

SHA1
82dda56bc59ac7db05eddbe4bcf0fe9323e32073

SHA256
6a4f32b0228092ce68e8448c6f4b74b4c654f40fb2d462c1d6bbd4b4ef09053d

SHA512
515fbdc9e792bd7ab711261c1d0185351079a2d5b104211c559cfc4c8465794ef897c43f0f825b4fc2e97a56525f73c3ad0a28de0fcf8b8bff89c26d1c97b3cc

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\FileManager.dll

Filesize
32KB

MD5
4ccd3dfb14ffdddfa598d1096f0190ea

SHA1
c68c30355599461aca7205a7cbdb3bb1830d59c8

SHA256
7f8a306826fcb0ee985a2b6d874c805f7f9b2062a1123ea4bb7f1eba90fc1b81

SHA512
2fa3ea13054d84e1a307ddc63f2a364c760b8e1882fee975585e6e1bae41cad3463495d22d0c8fb77d40e6b0336c3537ab68efb5fd84e46063a336ba20672cbc

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\FileSearcher.dll

Filesize
277KB

MD5
0b7c33c5739903ba4f4b78c446773528

SHA1
b58555bebddf8e695880014d34a863a647da547e

SHA256
2d9625f41793f62bfe32c10b2d5e05668e321bcaf8b73414b3c31ef677b9bff4

SHA512
d3ea78dcc15e5f365df55558b911f3289f516ecb16c07b7132084ec2e3b10f496d1ef0774416775c14caffbf3107220cfc19ec910cdb2637561b12a23fd1e43f

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Fun.dll

Filesize
33KB

MD5
499fc6ac30b3b342833c79523be4a60c

SHA1
dcf1ed3fbc56d63b42c88ede88f9cad1d509e7ec

SHA256
dcac599b1bab37e1a388ac469e6cc5de1f35eb02beaa6778f07a1c090ce3ea04

SHA512
b63dcf0f42a4e80747556000aeee72137735cb7177567df6cfef3f15471efb8c4dc797db8cdc870d66cd87f09ffc7ab177969b126825a69e4b5390b568462484

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Information.dll

Filesize
24KB

MD5
87651b12453131dafd3e91f60d8aef5a

SHA1
d5db880256bffa098718894edf684ea0dc4c335d

SHA256
a15d72d990686d06d89d7e11df2b16bcd5719a40298c19d046fa22c40d56af44

SHA512
1b911a877c5a3f508421f4f250d95861a5c110cb4b67ffe05de157085c5a018d34d9574c1ef4cf9eec3ba3cdd39985863564ea2f77814812032ea796cb329afa

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Logger.dll

Filesize
26KB

MD5
872145b37d107144894c9aa8729bad42

SHA1
01610587bcfa7ac379b1f0169a2a9ab384b9116b

SHA256
2f258949fd95da6cd912beb7203a9fd5e99d050309a40341de67537edb75aadc

SHA512
0c926d24515b8ea80586c80d2613136f802badde3a788d2960ebd8f6a4d6e901d1ea220262f3d2a852c4f3da88bd69915070de920bc79eb82329c44dcab98435

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\MessagePackLib.dll

Filesize
16KB

MD5
590b00c87d5ff2ffe09079f0406eb2cd

SHA1
92c91f1db8c2c8cc34c2e1a26f4f970f1518a7ed

SHA256
adb00dee751b4ba620d3b0e002f5b6d8b89cf63b062f74ec65bba72294d553d1

SHA512
9396620bb9d77cacd7bc2bfa44e8fb76091e314298434d8ba995595df0b2a13edf8229c465b563aa668702176ccf2de34e9fd3d1567d4ff20d94672aba4ad745

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Miscellaneous.dll

Filesize
82KB

MD5
509d41da4a688a2e50fc8e3afca074c7

SHA1
228de17938071733585842c59ffb99177831b558

SHA256
f91973113fd01465999ce317f3e7a89df8c91a5efadcfa61e5ccce687bf3580a

SHA512
86f975c75e246100d0486aa1507f5c2030323649ae921af51583c6b287e6780e9a9bf887ef4ead11599742cdeb7c90380c7d4859340e11913c2c1f42fb34ef8e

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Netstat.dll

Filesize
24KB

MD5
12911f5654d6346fe99ef91e90849c13

SHA1
1b8e63d03feb84d995c02dcbb74da7edfaa8c763

SHA256
7eed1b90946a6db1fe978d177a80542b5db0bf3156c979dc8a8869a94811bf4b

SHA512
588971ef7aebae7afffb22bafdf8f8bb04bf3c474eabf6637543fe42e3e1800cc824929d953055a4f666776ea5fffe0389ef6216c1dca437e0c8a330f6670c19

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Options.dll

Filesize
378KB

MD5
3a474b8dee059562b31887197d94f382

SHA1
b31455f9583b89cac9f655c136801673fb7b4b9a

SHA256
c9b8e795c5a024f9e3c85ba64534b9bf52cc8c3d29b95ff6417dc3a54bc68b95

SHA512
cdda908adb88603302b33c99befed0394f12cc34c5a31bc7b4b614df3615ea8a6cad7ef84e7b9865342f33783006974027e39fd458e5936dec14c8ae5e98bf0a

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\ProcessManager.dll

Filesize
25KB

MD5
91edcb945924df5fbf4ff123aa63199c

SHA1
d124869aaee9aa1a49def714774b834335aa746e

SHA256
5b1f80ff787bdcd7ee12aa64be1f2f5f1f658bd644bbc5fd73527b51da6ce0d6

SHA512
6927c1576a8a9ff724fe3b7d53067f97c121b272c1f2528cb8aa1806de61f36504ee4d25d56eb717a1010a80fb6b5e37c1a0c30b256fdb9a5ba5b31794146c52

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Ransomware.dll

Filesize
97KB

MD5
ef998529d037fcdb2bde6d046f99db45

SHA1
1a38a1182155429ecc64c20ece46ec0836c32ec7

SHA256
54f554b9e330476b3903756f62b577bab35cdef941d3d0f6a3d607862762bf91

SHA512
4e4376c182dcdf993c6e8f55388829b9e7057e8d80be268a8469721e8ac7fc29eab65681f0f7f2c0dbad1c5bc30fdcc123774ae543770090bf01a62a0d161ece

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Recovery.dll

Filesize
1.3MB

MD5
b4762c63cc383eb02cb093eeb88aecf1

SHA1
a3a1fdd8612c63f6d62d5a62915966be8e922ba1

SHA256
ec768f980b651a2fbbbcffb715bcac5214730c02ff21a1a987d6db9cb04f01e1

SHA512
51a9a8665be79a043dafe114d577988d5ab74803ab738d4d7129136372c7e1db4719c83e98c6e3aa7a8374a84cca570b34274d6bf18272906e6504872c514a1e

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\Regedit.dll

Filesize
279KB

MD5
8749c78b8ad09a3b240dd1384a17539b

SHA1
b9263ac725ccd8c664ae0f9da5fc0d00adcb8c5e

SHA256
657e3f1f449c0b710b0c571ec8eee689ae16793fb63b996e0182420d768f89bd

SHA512
5a910be70c79dec36d3e5c171ba5029612ee2960b8529ffb81d581ab0f20cbc30e6093b838ce1ebc2fab9ed9bbce8ab5f995487852bcba17df4b3480f91aa81b

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\RemoteCamera.dll

Filesize
107KB

MD5
acbf0f8b09320f3e967ee83fcda26f5d

SHA1
bbee0fa1c88edcd0469974223fb026e1176256dc

SHA256
203300be75ad8f57972324519b2583a44e759cdd57390d6765df10288e249789

SHA512
36a9c2810b8b86aa35cb2c18730fdd6b8547a5b9b937f0ffcaaffa5bc17566315d918e68974470ec07c3ca6f841c8d408784f3b6c3d621759edf4e4e8496d75d

Download Submit
C:\Users\Admin\Desktop\Borat\Borat\bin\RemoteDesktop.dll

Filesize
34KB

MD5
0f93650dd78557f41b7c5467e3b6b6a7

SHA1
382bd4496eb7439fde85832abca87cc21cb7872f

SHA256
cc5b49d2a2821d4f6ef6af8a1e50994c6690d6a4daa41bd048fe79bd8b578988

SHA512
15d0b95865316d09e9404a2507bb983a9d9e762e88d749ea61ba1ce15a229ea9d86ba09a7e6319d7bab859986f51eca6792bd42fc18fc1ac11d35b173a9d5fc6

Download Submit
memory/404-123-0x0000000002200000-0x000000000221E000-memory.dmp

Filesize
120KB

Download
memory/404-121-0x000000001C750000-0x000000001C7C6000-memory.dmp

Filesize
472KB

Download
memory/404-122-0x0000000002180000-0x0000000002190000-memory.dmp

Filesize
64KB

Download
memory/404-89-0x0000000000030000-0x0000000000044000-memory.dmp

Filesize
80KB

Download
memory/2748-59-0x000001EF96AA0000-0x000001EF97EAA000-memory.dmp

Filesize
20.0MB

Download