General

  • Target

    NEAS.5644cdc1b640b1334444303bf5806d40.exe

  • Size

    1.5MB

  • Sample

    231028-ymm9nsfg6w

  • MD5

    5644cdc1b640b1334444303bf5806d40

  • SHA1

    f55bf6073be991f56f4474a9547fb764330ba02b

  • SHA256

    f7ae1af27005cba1896b746f03a071e744b80e98a66b21838d255d26cd407a0a

  • SHA512

    715bd2b8234d585552bfce5772ca4cbbe2d6b85de73c9dd8b7ee9315e1b7df38c1759a7599cb6fe1bc5daf0300738f5fa1e51df3766ee0ed8fdb2b42dd8ae2af

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcr:dbCjPKNqQqH0XSuch

Score
10/10

Malware Config

Targets

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
