babylonrat | Clown[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Clown.exe
Size

733KB
MD5

bd43d4c0701b03563e7d2772c9936a48
SHA1

7b2aa39307d1b8549ee77ff844cb51fc970d4a9e
SHA256

e04056788fb9482f14c5f8eeb8b44ea44ae871c9589b853b923c749eafac6fdc
SHA512

485eb3900019efbcf73dc7c102962a9cb1bd355e0c5a96d1381470badf164fa92b6f9e5b8c9850c9f131abb2dede897a58f9c1e3534df2cdc5716e5ddec85dde
SSDEEP

12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0wZxxXMcEe/3paPcgSX:8qzcpKIL0TvZzNlNky0wVW0wZxxVgSX

Score

10^/10

babylonrat

Malware Config

Signatures

Babylonrat family
babylonrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Clown.exe

Files

Clown.exe
.exe windows:5 windows x86 arch:x86

2cbe6db2ec1d8a931b50336af1a7dc15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
GetLocaleInfoW
CreateProcessW
GetFileSize
WriteFile
ReadFile
GetSystemDirectoryA
CreateFileA
SetFileAttributesA
lstrcmpW
lstrlenW
GetModuleFileNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetCurrentProcessId
GetVersionExW
GetExitCodeProcess
CreatePipe
PeekNamedPipe
GetStartupInfoW
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetLastError
FlushFileBuffers
CreateFileW
HeapValidate
HeapCreate
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
ResetEvent
HeapCompact
GetTempPathW
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
TryEnterCriticalSection
GetCurrentProcess
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW
SetSystemPowerState
OpenMutexW
GlobalAlloc
GlobalFree
InterlockedDecrement
lstrcpyW
GetComputerNameW
GetLogicalDrives
GetFileSizeEx
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
SetEvent
DeleteCriticalSection
LeaveCriticalSection
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleCP
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
EnterCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
GetNativeSystemInfo
GetSystemInfo
GlobalMemoryStatusEx
Process32NextW
Process32FirstW
CreateDirectoryW
GetLocalTime
GlobalUnlock
GlobalLock
CreateEventW
CreateMutexW
Sleep
InitializeCriticalSection
GetModuleHandleW
ResumeThread
TerminateThread
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
LoadLibraryA
CloseHandle
TerminateProcess
OpenProcess
GetProcAddress
GetFileAttributesA
lstrlenA
lstrcatA
SetFilePointer
GetCommandLineA
LoadLibraryExW
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
GetStringTypeW
DecodePointer
EncodePointer

user32

LoadIconW
wsprintfW
OpenClipboard
CloseClipboard
GetClipboardData
GetForegroundWindow
GetWindowThreadProcessId
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CharUpperW
GetKeyState
LoadCursorW
UnhookWindowsHookEx
CallNextHookEx
ExitWindowsEx
GetLastInputInfo
GetWindowRect
SendInput
GetSystemMetrics
GetDC
ReleaseDC
GetClientRect
SetCursorPos
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
UpdateWindow
FlashWindowEx
ShowWindow
CreateWindowExW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetDesktopWindow
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowsHookExW

gdi32

SetStretchBltMode
StretchBlt
SelectObject
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
SetBkColor
GetStockObject
CreateFontW
GetObjectW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

ord12
SHGetValueA

crypt32

CryptStringToBinaryA
CryptUnprotectData

netapi32

NetApiBufferFree
NetUserEnum

urlmon

URLDownloadToFileW

gdiplus

GdipFree
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc

ws2_32

WSAStartup
connect
ioctlsocket
inet_ntop
inet_pton
FreeAddrInfoW
GetAddrInfoW
WSACleanup
closesocket
htons
sendto
socket
send
recv

psapi

GetModuleFileNameExW
GetModuleBaseNameW

powrprof

SetSuspendState

comctl32

InitCommonControlsEx

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbe6db2ec1d8a931b50336af1a7dc15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

netapi32

urlmon

gdiplus

ws2_32

psapi

powrprof

comctl32

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 109KB - Virtual size: 139KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 109KB - Virtual size: 139KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 19KB - Virtual size: 19KB