Extracted

• • Target

    006c50e0d2c17bdcf357c18c33c16bd4_JaffaCakes118

  • Size

    1.5MB

  • MD5

    006c50e0d2c17bdcf357c18c33c16bd4

  • SHA1

    30c7fd7f2ed979b81df64c5130a7aaab0514197f

  • SHA256

    fa3d137dbf86138f13a9a51fdf586222f72d2201962a6aa9c5890aa3c2c097a3

  • SHA512

    fa59cf0b02c60cf0542ea2fdea3bf275237179998625312425c44f3543783acf1cfb8da51624c0998dc4bf0c1e85335561c1507ba1e0037e83f57c4e9ce6479f

  • SSDEEP

    24576:NAHnh+eWsN3skA4RV1Hom2KXMmHa2XOS+/ODFJ2ifnTBMJ52cDT0F5:sh+ZkldoPK8Ya2X2WzlMJIcna

  Score

  10^/10

  babylonratdiscoveryexecutiontrojanupx

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Babylonrat family

    babylonrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Drops startup file

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2