Overview

overview

10

Static

static

10

BoRat Rat.7z

windows10-1703-x64

3

BoratRat_Cracked.exe

windows10-1703-x64

BoratRat_C...xe.xml

windows10-1703-x64

1

bin/Audio.dll

windows10-1703-x64

1

bin/Discord.dll

windows10-1703-x64

1

bin/Extra.dll

windows10-1703-x64

1

bin/FileManager.dll

windows10-1703-x64

1

bin/FileSearcher.dll

windows10-1703-x64

1

bin/Fun.dll

windows10-1703-x64

1

bin/Information.dll

windows10-1703-x64

1

bin/Keylogger.exe

windows10-1703-x64

1

bin/Logger.dll

windows10-1703-x64

1

bin/Messag...ib.dll

windows10-1703-x64

1

bin/Miscellaneous.dll

windows10-1703-x64

1

bin/Netstat.dll

windows10-1703-x64

1

bin/Options.dll

windows10-1703-x64

1

bin/Proces...er.dll

windows10-1703-x64

1

bin/Ransomware.dll

windows10-1703-x64

1

bin/Recovery.dll

windows10-1703-x64

1

bin/Regedit.dll

windows10-1703-x64

1

bin/RemoteCamera.dll

windows10-1703-x64

1

bin/RemoteDesktop.dll

windows10-1703-x64

1

bin/ReverseProxy.dll

windows10-1703-x64

1

bin/SendFile.dll

windows10-1703-x64

1

bin/SendMemory.dll

windows10-1703-x64

1

bin/ip2region.db

windows10-1703-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    260s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13-07-2024 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BoratRat_Cracked.exe.xml

  • Size

    5KB

  • MD5

    3e645ccca1c44a00210924a3b0780955

  • SHA1

    5d8e8115489ac505c1d10fdd64e494e512dba793

  • SHA256

    f29e697efd7c5ecb928c0310ea832325bf6518786c8e1585e1b85cdc8701602f

  • SHA512

    ea7e3a6e476345870f05124a56dde266e1ad04b557b2dde83c5674cfdf3be00f26d3db6a14a8d88ecf75e2c9e3a12e6955f6c85654ba967c17664e9acc3d4f1f

  • SSDEEP

    96:Xr7T7Kc7KnreNRrqAbGxRN3ZV/Kw4YpyMasJ8J4YqJyM/:Xr7T7D7or8E3ZV/Kw/pvasJ8J/qJv/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BoratRat_Cracked.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\BoratRat_Cracked.exe.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    2f1af77de3b23e57f86e2ed3f8605803

    SHA1

    72cbfe907207b956a0ddadcf238699594973eed9

    SHA256

    afc3534afaa0326fd475bd776d45a624f3522f84c51afdd52e7e2ae19f954cf1

    SHA512

    a0f98c95293c9cac09bbb257445cea11ab707568191011660b89a1a11c587abe2c7ed945762b99847a0cf33648bb6c4e70d424f4fb977306da98d64172fa82db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    02bf741b351cbb17dab70a27ea87768a

    SHA1

    4eb4595064e444840ca36b06d8114e4fa667f185

    SHA256

    956ee0b5c0a43776426cea194b5c3a1f6557be25dabfecf7949d72bd67711ed5

    SHA512

    ea67357cb9f3aa89ccdde22c2eedebd5d608fd8b33f4b7025c3172eefcc9c8c417d9f4135d413535fae8b0120afabd7aa4b7bfbfdfe7fbc16d8b5c3f18ed106b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    49c10a718b150260f4f411b04dcd2194

    SHA1

    4e874cb4ac43458fbd57652acd32eed787625186

    SHA256

    2de08e5605bfbadb42e21a0f2c25a8eb0ac076b8e57d33359b26776e58eb92f7

    SHA512

    f693191ed3861dffe58f38d7eee219c219908b4d5da81ffb496ff948b651f5416ea58e9ea62a436b315cc789d1e65e83d3ae61b16040b9db764b4e09e4cc9177

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verFCCF.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T28YHK6H\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\90GOV1WX.cookie
    Filesize

    545B

    MD5

    f9defe9cfc084f83e55092f4c8ed0455

    SHA1

    f6bfeb315666b36f8a6e59a6d0c22d063ca5799a

    SHA256

    c42317f155f5907303113f303de13f55ed4577ab1124ce48a24dc5202c04b13b

    SHA512

    b6553167cfc24629b67918c905174e9652e20c7e7e3bb774c38bb0f8d5f3726863b23da0caf8590298533cd0cadba2154628b48ee71fc6474a38a2c1b962cf5f

    Download Submit

  • memory/4056-8-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-20-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-10-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-12-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-14-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-13-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-11-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-0-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-15-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-16-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-21-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-9-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-19-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-18-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-17-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-7-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-6-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-5-0x00007FFE4A840000-0x00007FFE4AA1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4056-3-0x00007FFE4A8E5000-0x00007FFE4A8E6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-4-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-2-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-1-0x00007FFE0A8D0000-0x00007FFE0A8E0000-memory.dmp

    Filesize

    64KB

    Download