Overview: score 10/10
Static: score 10/10
Borat/BoratRat.exe (windows10-2004-x64): score 10/10
Borat/bin/Audio.dll (windows10-2004-x64): score 1/10
Borat/bin/Discord.dll (windows10-2004-x64): score 1/10
Borat/bin/Extra.dll (windows10-2004-x64): score 1/10
Borat/bin/...er.dll (windows10-2004-x64): score 1/10
Borat/bin/...er.dll (windows10-2004-x64): score 1/10
Borat/bin/Fun.dll (windows10-2004-x64): score 1/10
Borat/bin/...on.dll (windows10-2004-x64): score 1/10
Borat/bin/...er.exe (windows10-2004-x64): score 1/10
Borat/bin/Logger.dll (windows10-2004-x64): score 1/10
Borat/bin/...ib.dll (windows10-2004-x64): score 1/10
Borat/bin/...us.dll (windows10-2004-x64): score 1/10
Borat/bin/Netstat.dll (windows10-2004-x64): score 1/10
Borat/bin/Options.dll (windows10-2004-x64): score 1/10
Borat/bin/...er.dll (windows10-2004-x64): score 1/10
Borat/bin/...re.dll (windows10-2004-x64): score 1/10
Borat/bin/...ry.dll (windows10-2004-x64): score 1/10
Borat/bin/Regedit.dll (windows10-2004-x64): score 1/10
Borat/bin/...ra.dll (windows10-2004-x64): score 1/10
Borat/bin/...op.dll (windows10-2004-x64): score 1/10
Borat/bin/...xy.dll (windows10-2004-x64): score 1/10
Borat/bin/...le.dll (windows10-2004-x64): score 1/10
Borat/bin/...ry.dll (windows10-2004-x64): score 1/10
Borat/raw/Client.exe (windows10-2004-x64): score 1/10
General
-
Target
Borat.rar
-
Size
9.6MB
-
Sample
240715-jjvf9aycnb
Behavioral task
behavioral1
Sample
Borat/BoratRat.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral2
Sample
Borat/bin/Audio.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Borat/bin/Discord.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
Borat/bin/Extra.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Borat/bin/FileManager.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral6
Sample
Borat/bin/FileSearcher.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Borat/bin/Fun.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral8
Sample
Borat/bin/Information.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
Borat/bin/Keylogger.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral10
Sample
Borat/bin/Logger.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
Borat/bin/MessagePackLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral12
Sample
Borat/bin/Miscellaneous.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral13
Sample
Borat/bin/Netstat.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral14
Sample
Borat/bin/Options.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
Borat/bin/ProcessManager.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral16
Sample
Borat/bin/Ransomware.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
Borat/bin/Recovery.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral18
Sample
Borat/bin/Regedit.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Borat/bin/RemoteCamera.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral20
Sample
Borat/bin/RemoteDesktop.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
Borat/bin/ReverseProxy.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral22
Sample
Borat/bin/SendFile.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
Borat/bin/SendMemory.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral24
Sample
Borat/raw/Client.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Borat/BoratRat.exe
-
Size
20.0MB
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Renames multiple (4488) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
Borat/bin/Audio.dll
-
Size
23KB
Score: 1/10
-
-
Target
Borat/bin/Discord.dll
-
Size
24KB
Score: 1/10
-
-
Target
Borat/bin/Extra.dll
-
Size
31KB
Score: 1/10
-
-
Target
Borat/bin/FileManager.dll
-
Size
32KB
Score: 1/10
-
-
Target
Borat/bin/FileSearcher.dll
-
Size
277KB
Score: 1/10
-
-
Target
Borat/bin/Fun.dll
-
Size
33KB
Score: 1/10
-
-
Target
Borat/bin/Information.dll
-
Size
24KB
Score: 1/10
-
-
Target
Borat/bin/Keylogger.exe
-
Size
10KB
Score: 1/10
-
-
Target
Borat/bin/Logger.dll
-
Size
26KB
Score: 1/10
-
-
Target
Borat/bin/MessagePackLib.dll
-
Size
16KB
Score: 1/10
-
-
Target
Borat/bin/Miscellaneous.dll
-
Size
82KB
Score: 1/10
-
-
Target
Borat/bin/Netstat.dll
-
Size
24KB
Score: 1/10
-
-
Target
Borat/bin/Options.dll
-
Size
378KB
Score: 1/10
-
-
Target
Borat/bin/ProcessManager.dll
-
Size
25KB
Score: 1/10
-
-
Target
Borat/bin/Ransomware.dll
-
Size
97KB
Score: 1/10
-
-
Target
Borat/bin/Recovery.dll
-
Size
1.3MB
Score: 1/10
-
-
Target
Borat/bin/Regedit.dll
-
Size
279KB
Score: 1/10
-
-
Target
Borat/bin/RemoteCamera.dll
-
Size
107KB
Score: 1/10
-
-
Target
Borat/bin/RemoteDesktop.dll
-
Size
34KB
Score: 1/10
-
-
Target
Borat/bin/ReverseProxy.dll
-
Size
14KB
Score: 1/10
-
-
Target
Borat/bin/SendFile.dll
-
Size
26KB
Score: 1/10
-
-
Target
Borat/bin/SendMemory.dll
-
Size
27KB
Score: 1/10
-
-
Target
Borat/raw/Client.exe
-
Size
56KB
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
  Account Manipulation (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Event Triggered Execution (1)
  Netsh Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
  Account Manipulation (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Event Triggered Execution (1)
  Netsh Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
  Impair Defenses (2)
  Disable or Modify System Firewall (1)
  Disable or Modify Tools (1)
  Modify Registry (2)