General
-
Target
5419b68e892537e2f02ed14c671e315f_JaffaCakes118
-
Size
2.3MB
-
Sample
240518-ll768sdf38
-
MD5
5419b68e892537e2f02ed14c671e315f
-
SHA1
21c7e4899632b83776d1d86b406a76e60cc6f58d
-
SHA256
d0a1612ed72fa557c8dc8094b7536bf1e58c4dca0b0ee2dccd21f884644388a6
-
SHA512
e5929a4772821f39d30199d1af35a08ae3209445ef7203a617bec9ca48b8d71be2f2b8efb2315046a560d04c95d7d5b5029601d8d3cc89b4d4c8892af0f5f3ab
-
SSDEEP
49152:YTnwHus0g6cXW9DpUT3WzSmagomLoLWGwjlBLP72gbHYTno:8nwHu3ZeTGpaKsqvllP/4zo
Malware Config
Targets
-
-
Target
5419b68e892537e2f02ed14c671e315f_JaffaCakes118
-
Size
2.3MB
-
MD5
5419b68e892537e2f02ed14c671e315f
-
SHA1
21c7e4899632b83776d1d86b406a76e60cc6f58d
-
SHA256
d0a1612ed72fa557c8dc8094b7536bf1e58c4dca0b0ee2dccd21f884644388a6
-
SHA512
e5929a4772821f39d30199d1af35a08ae3209445ef7203a617bec9ca48b8d71be2f2b8efb2315046a560d04c95d7d5b5029601d8d3cc89b4d4c8892af0f5f3ab
-
SSDEEP
49152:YTnwHus0g6cXW9DpUT3WzSmagomLoLWGwjlBLP72gbHYTno:8nwHu3ZeTGpaKsqvllP/4zo
Score10/10-
Babylon RAT
Babylon RAT is remote access trojan written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-