babylonrat | ea8c4a6d9e6d8e9c9ed430f8a29760264dd7e4a438189a66d47c319b6c180981 | Triage

Submit
Reports

Overview

overview

Static

static

1

DriverDiag...ol.exe

windows7-x64

DriverDiag...ol.exe

windows10-2004-x64

KENAPA_UMN...AN.lnk

windows7-x64

KENAPA_UMN...AN.lnk

windows10-2004-x64

KENAPA_UMN...AN.pdf

windows7-x64

1

KENAPA_UMN...AN.pdf

windows10-2004-x64

1

KENAPA_UMN...AN.ps1

windows7-x64

KENAPA_UMN...AN.ps1

windows10-2004-x64

Sharing

General

Target

11118198434.zip
Size

349.1MB
Sample

230706-zwj42sfd2y
MD5

436e8b6a84e709a73340fc7a53580430
SHA1

a13236cc892afa01c15195b68400eb7e19aad004
SHA256

ea8c4a6d9e6d8e9c9ed430f8a29760264dd7e4a438189a66d47c319b6c180981
SHA512

d046134a9c2cf6feeeb1ffd1fb91ab916262db9f767ffc8c3e17ef0c6243dd27e426c3c17ab213362cb279404e5b4498a3e9f927d71745d03d03b2e334304095
SSDEEP

6291456:JBJvwY1EWG65t+6UQL+cmUPgtgIIA8/DfC3SD1KuhSY0sGmTH:xvVg+t+6UUUNtrIAYW3SPT05mTH

Score

10^/10

babylonrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

DriverDiagnoseTool.exe

Resource

win7-20230703-en

babylonrat trojan upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

DriverDiagnoseTool.exe

Resource

win10v2004-20230703-en

babylonrat trojan upx

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.lnk

Resource

win7-20230703-en

babylonrat persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.lnk

Resource

win10v2004-20230703-en

babylonrat persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral5

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.pdf

Resource

win7-20230703-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.pdf

Resource

win10v2004-20230703-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral7

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.ps1

Resource

win7-20230705-en

babylonrat persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral8

Sample

KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.ps1

Resource

win10v2004-20230703-en

babylonrat persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

babylonrat

C2

149.28.19.207

Targets

- Target
  
  DriverDiagnoseTool.exe
- Size
  
  300.9MB
- MD5
  
  d70de5a533c758bcba7ff16d204cdbe6
- SHA1
  
  38d9f39f8c3699c04c4e4ba3e33afbed745e3e8f
- SHA256
  
  40d348783300d039d969f27a22433a8cba8d31c28e2e8d542c10a5792d34c1d3
- SHA512
  
  a9355532ad9310a61f1b07926a64d48669ebf3e15e45c18a28a7b16c3e94d66037752d45b36e26c2dbb247b2d9fdcedc18f00fb4229daece372f44af418c07f1
- SSDEEP
  
  6291456:vz2C0PyE4M6Q1nYOCNxklwFy3kMj/2Lk6T8yV3hVJC45EHbzwIgjx:KC0PyE4M6Q1bMxTFy3r7d6T8y72HZk
Score

10^/10

babylonrat trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.lnk
- Size
  
  3KB
- MD5
  
  67919ac65f71daac11a70f8d9e9b75d3
- SHA1
  
  0ce2c4fe931dc3e711ea4af9913476a4e08fc7b2
- SHA256
  
  2c202c8fb88c907867f43a1d3c82a15b3b67204799efaed9e5cca2e150cdaacc
- SHA512
  
  c235a6a0913da127b70a46491e51d47813a3a7edcfcae6e1bcf1a06ccc418eb304ed05062fd6c84215533f8b30aea4e6dd3f59ad7c2b4ff2f9aab1a93914c533
Score

10^/10

babylonrat persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.pdf
- Size
  
  49.2MB
- MD5
  
  b02c8bb71a223c4fd1d199638ee01ba0
- SHA1
  
  33b4cb8ce9483e14476fb2b75d948ebb1ba04480
- SHA256
  
  fa53b9ffeac9ab9957ff64bf7c5484b570442e183ac6509bb01f7fd6dbcd0b4d
- SHA512
  
  f9eb7cb7d9da46a6780154750da61adbbcd37d62a76f133629fb8d9be6bf56215185191962e78d3b35ff10cd2b6cead6f327e622bcd2067cde11c8e213259e1a
- SSDEEP
  
  786432:kM7WBbW/hcVBAizVaTLGer0UClobCG20Fl1k7iCvRbSqb5k1iulJl7wEp5rBgvBL:57v/hExzUHaReVTf1cbSqVYlH8IiBVUq
Score

1^/10
behavioral5 behavioral6
- Target
  
  KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.ps1
- Size
  
  665B
- MD5
  
  6fb15b95d7c72e3ccbc83b37a41b45d4
- SHA1
  
  c5d8e777be55d08aeff6e3ab40b7768e446b5801
- SHA256
  
  36e08d17fb61edfd642fa968a62dcdd23c20952d9ac4550bb8e36ec908aff38b
- SHA512
  
  7f2072d027012ce27145787f3a2948f6f95bfccf0527ee444cd328243b0e18004bffe798320810ede91a02d38e0863a97248e376b15a75a6c763494fb06826c6
Score

10^/10

babylonrat persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonrattrojanupx

behavioral2

babylonrattrojanupx

behavioral3

babylonratpersistencetrojanupx

behavioral4

babylonratpersistencetrojanupx

behavioral5

behavioral6

behavioral7

babylonratpersistencetrojanupx

behavioral8

babylonratpersistencetrojanupx

© 2018-2024

Terms | Privacy