General

  • Target

    e967e5778bbce368c0786e990cda6417_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240409-hq3krscc4y

  • MD5

    e967e5778bbce368c0786e990cda6417

  • SHA1

    92c06f11f52865d2c05a091d92907cc446b150f3

  • SHA256

    1012f81b764e19da221657cbf5c400063faef8f97d82ccc1c7b1bab0921aa85b

  • SHA512

    098caaec0f9482e2b13d1460d3be95322fa564ff5490fe9c06cee735502edabf95804e9d42504bf3d60557b187ce798fa883e188e0c5307a3f33a291f360d8b5

  • SSDEEP

    24576:rrfP1Tok9Kc87buCPiCH3pSkT4gN38kOW8qdM7o+N4Du7Ec:Pd9KcsbDiCwM4CsBTWMpN4OEc

Malware Config

Targets

    • Target

      e967e5778bbce368c0786e990cda6417_JaffaCakes118

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
