General

  • Target

    NEAS.03a5200e0863977e9474bb870220dc80.exe

  • Size

    1.5MB

  • Sample

    231021-z2c8pacb27

  • MD5

    03a5200e0863977e9474bb870220dc80

  • SHA1

    764597e48422c592a2ca2c0e94ab67a29c8cc93e

  • SHA256

    1974943b4695e3dc9dee6551cf0ce9da01ab30690a1ba0cf63ab3575fa3abbeb

  • SHA512

    4fea030bda9d1371f919785a5d0daa017d4297f7383d6679cc747277bae1ee37aea9c83b48c5aa105d7847d360feb503986c5c6ad2c624be732d7a471f31ed08

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNc6:dbCjPKNqQqH0XSuck

Score
10/10

Malware Config

Targets

    • Target

      NEAS.03a5200e0863977e9474bb870220dc80.exe

    Score
    10/10
    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
