General

  • Target

    e967e5778bbce368c0786e990cda6417_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240409-hq3krscc4y

  • MD5

    e967e5778bbce368c0786e990cda6417

  • SHA1

    92c06f11f52865d2c05a091d92907cc446b150f3

  • SHA256

    1012f81b764e19da221657cbf5c400063faef8f97d82ccc1c7b1bab0921aa85b

  • SHA512

    098caaec0f9482e2b13d1460d3be95322fa564ff5490fe9c06cee735502edabf95804e9d42504bf3d60557b187ce798fa883e188e0c5307a3f33a291f360d8b5

  • SSDEEP

    24576:rrfP1Tok9Kc87buCPiCH3pSkT4gN38kOW8qdM7o+N4Du7Ec:Pd9KcsbDiCwM4CsBTWMpN4OEc

Malware Config

Targets

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks