babylonrat | Diln External V2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Diln External V2.exe
Size

803KB
MD5

d714c9e28afdbf09289fe2792d787e53
SHA1

2b66d3b83de990f5f0a34681c59bc65fd1a23cc2
SHA256

7daa18e9835ca822570471ae58c1dfa667da89bb838c79c3f57f9c84192dedb8
SHA512

62a63b6bf61c8403fb41155415acb456986f508d4d62c6536d937b94d316f747213102c165da269e64175f9ea004b070ab658fa744f8c325da063fb3b2c73c56
SSDEEP

24576:AqzcpKIL0TvZzNlNky0wVW0wZxxVgcqX:Z6j0TvZzNlNk3w00wZxxVgcqX

Score

10^/10

babylonrat

Malware Config

Extracted

Family

babylonrat

192.168.1.136

Signatures

Babylonrat family
babylonrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Diln External V2.exe

Files

Diln External V2.exe
.exe windows:5 windows x86 arch:x86

2cbe6db2ec1d8a931b50336af1a7dc15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
GetLocaleInfoW
CreateProcessW
GetFileSize
WriteFile
ReadFile
GetSystemDirectoryA
CreateFileA
SetFileAttributesA
lstrcmpW
lstrlenW
GetModuleFileNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetCurrentProcessId
GetVersionExW
GetExitCodeProcess
CreatePipe
PeekNamedPipe
GetStartupInfoW
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetLastError
FlushFileBuffers
CreateFileW
HeapValidate
HeapCreate
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
ResetEvent
HeapCompact
GetTempPathW
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
TryEnterCriticalSection
GetCurrentProcess
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW
SetSystemPowerState
OpenMutexW
GlobalAlloc
GlobalFree
InterlockedDecrement
lstrcpyW
GetComputerNameW
GetLogicalDrives
GetFileSizeEx
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
SetEvent
DeleteCriticalSection
LeaveCriticalSection
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleCP
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
EnterCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
GetNativeSystemInfo
GetSystemInfo
GlobalMemoryStatusEx
Process32NextW
Process32FirstW
CreateDirectoryW
GetLocalTime
GlobalUnlock
GlobalLock
CreateEventW
CreateMutexW
Sleep
InitializeCriticalSection
GetModuleHandleW
ResumeThread
TerminateThread
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
LoadLibraryA
CloseHandle
TerminateProcess
OpenProcess
GetProcAddress
GetFileAttributesA
lstrlenA
lstrcatA
SetFilePointer
GetCommandLineA
LoadLibraryExW
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
GetStringTypeW
DecodePointer
EncodePointer

user32

LoadIconW
wsprintfW
OpenClipboard
CloseClipboard
GetClipboardData
GetForegroundWindow
GetWindowThreadProcessId
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CharUpperW
GetKeyState
LoadCursorW
UnhookWindowsHookEx
CallNextHookEx
ExitWindowsEx
GetLastInputInfo
GetWindowRect
SendInput
GetSystemMetrics
GetDC
ReleaseDC
GetClientRect
SetCursorPos
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
UpdateWindow
FlashWindowEx
ShowWindow
CreateWindowExW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetDesktopWindow
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowsHookExW

gdi32

SetStretchBltMode
StretchBlt
SelectObject
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
SetBkColor
GetStockObject
CreateFontW
GetObjectW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

ord12
SHGetValueA

crypt32

CryptStringToBinaryA
CryptUnprotectData

netapi32

NetApiBufferFree
NetUserEnum

urlmon

URLDownloadToFileW

gdiplus

GdipFree
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc

ws2_32

WSAStartup
connect
ioctlsocket
inet_ntop
inet_pton
FreeAddrInfoW
GetAddrInfoW
WSACleanup
closesocket
htons
sendto
socket
send
recv

psapi

GetModuleFileNameExW
GetModuleBaseNameW

powrprof

SetSuspendState

comctl32

InitCommonControlsEx

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2cbe6db2ec1d8a931b50336af1a7dc15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

netapi32

urlmon

gdiplus

ws2_32

psapi

powrprof

comctl32

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 109KB - Virtual size: 139KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 109KB - Virtual size: 139KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 19KB - Virtual size: 19KB