New Borat remote access malware is no laughing matter

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/new-borat-remote-access-malware-is-no-laughing-matter/
A new remote access trojan (RAT) named Borat has appeared on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment.

As a RAT, Borat enables remote threat actors to take complete control of their victim’s mouse and keyboard, access files, network points, and hide any signs of their presence.
The malware lets its operators choose their compilation options to create small payloads that feature precisely what they need for highly tailored attacks.

Borat was analyzed by researchers at Cyble, who spotted it in the wild and sampled the malware for a technical study that revealed its functionality.
Click to expand...
blog.cyble.com

Deep Dive Analysis – Borat RAT - Cyble

Cyble Research Labs analyzes Borat , a sophisticated RAT variant that boasts a combination of Remote Access Trojan, Spyware, Ransomware and DDoS capabilities.
blog.cyble.com blog.cyble.com
 
Last edited by a moderator:
  • Like
Reactions: Andy Ful, Shadowra, [correlate] and 2 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
L0ckJaw said:
Can this Borat be tested in the hub ?
Click to expand...

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

F-Secure catch the .exe file ( BoratRat.exe ) on static. According to VT so is Avast, Norton. Not sure on Gdata, but I can guess it's BB would.

Then there is another problem. According to the research, one need the whole package of files for the Rat actually being able to execute/run. Or at least it's extra features.
The Borat RAT comes as a package which includes builder binary, supporting modules, server certificate, etc., as shown in Figure 4.
Click to expand...
Figure-4-Supporting-Modules-of-Borat.png

The figure below shows the supporting modules responsible for executing the RAT features, as shown in Figure 5.
Click to expand...
Figure-5-DLLs-used-to-Execute-all-Features.png


When I tried to execute the BoratRat.exe on AnyRun it also asked for a unknown password, so this all combined makes it a no go for the Hub.
 
  • +Reputation
  • Like
  • Thanks
Reactions: Venustus, Andy Ful, Shadowra and 6 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • Thanks
    • +Reputation
New stealthy Python RAT malware targets Windows in attacks
Replies
0
Views
569
News Archive
silversurfer
silversurfer
silversurfer
    • Like
'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
Replies
0
Views
960
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • Wow
Stealthy new JavaScript malware infects Windows PCs with RATs
Replies
5
Views
1,256
News Archive
wat0114
wat0114

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top