General

  • Target

    NEAS.dcb7b9fe2f8cd7c6439771599a443260_JC.exe

  • Size

    1.5MB

  • Sample

    231104-mn75paab69

  • MD5

    dcb7b9fe2f8cd7c6439771599a443260

  • SHA1

    6b76a57ef5e5beb57e902daad6e687c2731f3e56

  • SHA256

    314df8466f9068599de43c58490021ce0f89f12ce6dbe1b2a5cf3cbf0ec1cc44

  • SHA512

    a011681765b28c2e8c6536e4d7610b20bd89212a675f402505209a08d61671ef4ca8f6225220c896e0d15fff5dae41530c03034f5e638c58189cb02bf7c06170

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcZ:dbCjPKNqQqH0XSucv

Score
10/10

Malware Config

Targets

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified version of it.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks