Overview

overview

10

Static

static

5

NEAS.26b45...JC.exe

windows7-x64

10

NEAS.26b45...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.26b45d35834c4049669b564592234840_JC.exe

  • Size

    1.5MB

  • Sample

    231018-z4tnfscg62

  • MD5

    26b45d35834c4049669b564592234840

  • SHA1

    f764f8ddd947758bc3da08b9452dccbfd6935c92

  • SHA256

    80711dd6f5ef6d72a38fa8a4796055097f31c14f068a17dd2ebb0c85c96c099f

  • SHA512

    d32d95aff199982380967f01720eb6043fc408e4f21ac24a9f58d84daa460d3847fff4d75e7d7c4946abba35b45ed958ac258cf7e9c979afc1a7d6428bcaabe1

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcd:dbCjPKNqQqH0XSucH

Score
10/10
babylonrattrojanupx

Malware Config

Targets

    • Target

      NEAS.26b45d35834c4049669b564592234840_JC.exe

    • Size

      1.5MB

    • MD5

      26b45d35834c4049669b564592234840

    • SHA1

      f764f8ddd947758bc3da08b9452dccbfd6935c92

    • SHA256

      80711dd6f5ef6d72a38fa8a4796055097f31c14f068a17dd2ebb0c85c96c099f

    • SHA512

      d32d95aff199982380967f01720eb6043fc408e4f21ac24a9f58d84daa460d3847fff4d75e7d7c4946abba35b45ed958ac258cf7e9c979afc1a7d6428bcaabe1

    • SSDEEP

      24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcd:dbCjPKNqQqH0XSucH

    Score
    10/10
    babylonrattrojanupx

    • Babylon RAT

      Babylon RAT is remote access trojan written in C++.

      trojanbabylonrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks