December 6, 2023

Researchers have discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system.

Unlike other RATs, the Borat RAT provides ransomware and DDoS services to attackers, expanding their capabilities. It also allows its operators to compile the malware binary for performing specific features, including DDoS and ransomware attacks.

The RAT has a modular structure; each module implements a specific functionality. Below is a list of the modules analyzed:

  • Keylogger
  • Ransomware
  • DDoS
  • Audio Recording
  • Webcam recording 
  • Remote desktop 
  • Reverse proxy 
  • Device information 
  • Process hollowing 
  • Credential stealing 
  • Discord token stealing 

The Borat RAT can also perform the following activities to disturb victims: Play Audio, Swap Mouse Buttons, Show/hide the Desktop, Show/hide the taskbar, Hold Mouse, Enable/Disable webcam light, Hang System, Monitor Off, Blank screen, etc.

Indicators of Compromise

