babylonrat | f217ef2073103275063ea594fcb775a023bb3c057593c3ebb315b798f635ae1e

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
06-11-2023 06:40

Target

babylon.exe
Size

370KB
MD5

8ad907b86f83e876957c78e5d3a30de1
SHA1

5a436c1076d3a03711d5729f324364c2e15b3ad1
SHA256

f217ef2073103275063ea594fcb775a023bb3c057593c3ebb315b798f635ae1e
SHA512

ccbc1e8cff4f6e867456cc4d80556b839fc890b80319132e69b0f986b1dd8f1e2c167567b48322da27a8577a2077d8e58b78358b7ea9f0c0d5b6cf1d651367c1
SSDEEP

6144:CL1ncfWwN0oc35jeRh8Xqfy/Ka1OHAH0tMrKCTEABG+Z9d3cQT/9nR4Ioy19F:CLdcfxaeM6fy/KaVUtgKkTZ73coNRJF

Score

10^/10

Family

babylonrat

206.189.20.127

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000DB0000-0x0000000000E80000-memory.dmp	upx
behavioral1/memory/2212-1-0x0000000000DB0000-0x0000000000E80000-memory.dmp	upx
behavioral1/memory/2212-3-0x0000000000DB0000-0x0000000000E80000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	babylon.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2212	babylon.exe

memory/2212-0-0x0000000000DB0000-0x0000000000E80000-memory.dmp

Filesize
832KB

Download
memory/2212-1-0x0000000000DB0000-0x0000000000E80000-memory.dmp

Filesize
832KB

Download
memory/2212-3-0x0000000000DB0000-0x0000000000E80000-memory.dmp

Filesize
832KB

Download