Extracted

• • Target

    2d025269f56867da66563db280ab6569_JaffaCakes118

  • Size

    2.7MB

  • MD5

    2d025269f56867da66563db280ab6569

  • SHA1

    460574ed62cbeee67e8040664dfd6a8f00759887

  • SHA256

    6c90a79a689fe5e644eb84fa9841e651cc95ce72097d682782bf6a843cb74945

  • SHA512

    c12ca5eb92a0044d0e26ce19fd7784449b0411ba478c867fefd0cfd342ef4813cb21de489ce8104b1a7d4f5b78bafed90a1db9a26e4f3a186eb14c30fc9b4d35

  • SSDEEP

    49152:2vPpaKDtcIycoXEfCt3FVo8NuKkM6NdW95YVViwkT7a6SnaBZezx1UdAI:UFMXEKt3Fm8NyM6NdW95Rw6gnI

  Score

  10^/10

  babylonratpersistencetrojanupx

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2