Overview

overview

10

Static

static

5

NEAS.9a751...50.exe

windows7-x64

10

NEAS.9a751...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.9a751a495254f5a8abcd6c93940c7650.exe

  • Size

    1.5MB

  • Sample

    231107-dy4qksag2v

  • MD5

    9a751a495254f5a8abcd6c93940c7650

  • SHA1

    f5bd979fda15619e24979071c1b5fc65b052bd17

  • SHA256

    ca2b780b70228af0a5c3fc5d38eb3034ab50c13c6301544dfb99c4d33640a97f

  • SHA512

    38196125a782b0fdba399c49bc3e76946a39ff655e891e75c76593e137fa5bddf6c5373f12d376d1213ff838251de9924a52fc4deec5e916e4d3dacb05a19825

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcx:dbCjPKNqQqH0XSucz

Score
10/10
babylonrattrojanupx

Malware Config

Targets

    • Target

      NEAS.9a751a495254f5a8abcd6c93940c7650.exe

    • Size

      1.5MB

    • MD5

      9a751a495254f5a8abcd6c93940c7650

    • SHA1

      f5bd979fda15619e24979071c1b5fc65b052bd17

    • SHA256

      ca2b780b70228af0a5c3fc5d38eb3034ab50c13c6301544dfb99c4d33640a97f

    • SHA512

      38196125a782b0fdba399c49bc3e76946a39ff655e891e75c76593e137fa5bddf6c5373f12d376d1213ff838251de9924a52fc4deec5e916e4d3dacb05a19825

    • SSDEEP

      24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcx:dbCjPKNqQqH0XSucz

    Score
    10/10
    babylonrattrojanupx

    • Babylon RAT

      Babylon RAT is remote access trojan written in C++.

      trojanbabylonrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks