babylonrat | cbc5c9ebce50216b6f5ef73e545b317b86e20423212f29733b5d032596be00eb | Triage

Sharing

General

Target

cbc5c9ebce50216b6f5ef73e545b317b86e20423212f29733b5d032596be00eb
Size

10.2MB
Sample

240409-dht67sce65
MD5

3b469784a485d1705edfd3196df0e1e5
SHA1

228467ee42bf0a6b32717b59932d7d61d6b08caf
SHA256

cbc5c9ebce50216b6f5ef73e545b317b86e20423212f29733b5d032596be00eb
SHA512

28c0c4f2325d27d2615b80d94fc71dce7b5577ebd130e743d5ffa12c7f497c21e5cb61ab55275762ace80dcbdd44ca1535b984ee22785914020c8007c8a323bb
SSDEEP

196608:V7oSNqzagn5zuf5rTRqcYdXuxTumr3cBS8Si2NdDcnSoiThhryQvwnbL:VUSNC9Y5/NYEk6OXSlNFBJwbL

Score

10^/10

babylonrat evasion persistence trojan

Malware Config

Extracted

Family

babylonrat

C2

175.209.69.173

Targets

- Target
  
  cbc5c9ebce50216b6f5ef73e545b317b86e20423212f29733b5d032596be00eb
- Size
  
  10.2MB
- MD5
  
  3b469784a485d1705edfd3196df0e1e5
- SHA1
  
  228467ee42bf0a6b32717b59932d7d61d6b08caf
- SHA256
  
  cbc5c9ebce50216b6f5ef73e545b317b86e20423212f29733b5d032596be00eb
- SHA512
  
  28c0c4f2325d27d2615b80d94fc71dce7b5577ebd130e743d5ffa12c7f497c21e5cb61ab55275762ace80dcbdd44ca1535b984ee22785914020c8007c8a323bb
- SSDEEP
  
  196608:V7oSNqzagn5zuf5rTRqcYdXuxTumr3cBS8Si2NdDcnSoiThhryQvwnbL:VUSNC9Y5/NYEk6OXSlNFBJwbL
Score

10^/10

babylonrat evasion persistence trojan
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratevasionpersistencetrojan

behavioral2

babylonratevasionpersistencetrojan