General

  • Target

    633d837f772773032d1fb16859a6468ca3e7813b678dbfd77f8a1c6152764c73

  • Size

    1.5MB

  • Sample

    240315-y8ppmaaf4v

  • MD5

    d73ddcf84310a2b31bb9be4af8b4ea67

  • SHA1

    43df201182a4b883ccc718d853d4d674bddd7d83

  • SHA256

    633d837f772773032d1fb16859a6468ca3e7813b678dbfd77f8a1c6152764c73

  • SHA512

    9e4a92f34ed80c17328e957a47320adb3e3c3a49d267aee0e5203be405f76179a8390791c614a29bf0bfd375d566772a6f30d5c7060e75e909de4137e33a1acf

  • SSDEEP

    24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcK:dbCjPKNqQqH0XSucM

Malware Config

Extracted

Family

babylonrat

C2

appleupdate.uk.to

Targets

    • Target

      633d837f772773032d1fb16859a6468ca3e7813b678dbfd77f8a1c6152764c73


    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Babylonrat family

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks