babylonrat | b0ccdc361180712a49afa59b2ec75eca2c94eac89667349be9255f283aa0b0e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

HEUR-Troja...by.exe

windows7-x64

HEUR-Troja...by.exe

windows10-2004-x64

Sharing

General

Target

HEUR-Trojan-Spy.Win32.Larby.gen-b0ccdc361180712a49afa59b2ec75eca2c94eac89667349be9255f283aa0b0e6
Size

926KB
Sample

240229-h7mkwaac62
MD5

cc07a3a171e1c2bfe860e797a0bca7b2
SHA1

5f2a2e9bc930b98c6f4d7cf8af133aa34f12d7f3
SHA256

b0ccdc361180712a49afa59b2ec75eca2c94eac89667349be9255f283aa0b0e6
SHA512

6432c7bc6c1744c9ee46e26e77c1cf5556de800d315f67f91b9f3f07cb399a45bc1a168b1510df79ad30983e7f1fb724c2eb821764f91c7748e119db80b3ee0c
SSDEEP

24576:jAFjjF2hCz1K0fbK+5S6n/J2S+W36mDtZL3h87e:0FjjF2czl7MULRtZe7

Score

10^/10

babylonrat discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HEUR-Trojan-Spy.Win32.Larby.exe

Resource

win7-20240220-en

babylonrat discovery trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEUR-Trojan-Spy.Win32.Larby.exe

Resource

win10v2004-20240226-en

babylonrat discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

babylonrat

C2

2.tcp.eu.ngrok.io

Targets

- Target
  
  HEUR-Trojan-Spy.Win32.Larby.gen-b0ccdc361180712a49afa59b2ec75eca2c94eac89667349be9255f283aa0b0e6
- Size
  
  926KB
- MD5
  
  cc07a3a171e1c2bfe860e797a0bca7b2
- SHA1
  
  5f2a2e9bc930b98c6f4d7cf8af133aa34f12d7f3
- SHA256
  
  b0ccdc361180712a49afa59b2ec75eca2c94eac89667349be9255f283aa0b0e6
- SHA512
  
  6432c7bc6c1744c9ee46e26e77c1cf5556de800d315f67f91b9f3f07cb399a45bc1a168b1510df79ad30983e7f1fb724c2eb821764f91c7748e119db80b3ee0c
- SSDEEP
  
  24576:jAFjjF2hCz1K0fbK+5S6n/J2S+W36mDtZL3h87e:0FjjF2czl7MULRtZe7
Score

10^/10

babylonrat discovery trojan
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Babylonrat family
  babylonrat
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratdiscoverytrojan

behavioral2

babylonratdiscoverytrojan

© 2018-2024

Terms | Privacy