Extracted

• • Target

    660c9f6423af0b5904795c35918bfc1d_JaffaCakes118

  • Size

    3.0MB

  • MD5

    660c9f6423af0b5904795c35918bfc1d

  • SHA1

    db76ca668d99446d6893713e94f87ceda9c719ea

  • SHA256

    05de0b178f4283cf6e4d16fd8a7db1f20703df56159dbd1f4ca64862e4c58391

  • SHA512

    eb69f2a49352a389a534fbe3250881201db228bad62f23f0bc466106bb09eaf09353137019e5dfc9b99c033dc1542f529c5313dcd368e2e5e4aa369e37a23968

  • SSDEEP

    49152:8P8B7enbJ4PpaKDtcIycoXEfCt3FVo8NuKkM6NdW95YVViwkT7a6SnaBZezx1Udj:8P+ebIFMXEKt3Fm8NyM6NdW95Rw6gnI

  Score

  10^/10

  babylonratpersistencetrojan

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2