babylonrat | 7d0b4123925f27b39f6fa807c5cbe5503a7076d44402f9a1ced682e4b9007c52 | Triage

Submit
Reports

Overview

overview

Static

static

1

676468f314...18.exe

windows7-x64

7

676468f314...18.exe

windows10-2004-x64

Sharing

General

Target

676468f314fed40a1151d580e98226c7_JaffaCakes118
Size

566KB
Sample

240522-qk7ljach5y
MD5

676468f314fed40a1151d580e98226c7
SHA1

65d7707909da6e4d2f7aca130e273613efc2e121
SHA256

7d0b4123925f27b39f6fa807c5cbe5503a7076d44402f9a1ced682e4b9007c52
SHA512

33ca83d85f9e692707d9225af75115c71cc286eaebf3289af5b88ad2c6f79873785e42d8575628389b9f9a11dbeda4649755cd44a4b046bae66a6b5076b8c470
SSDEEP

6144:ZP5sIpfoSB6e/uwxkWaXYikTEuj81k1K4np8c2tcQjvyBW9UCZY1geSgX3RrEOuX:ZOIpfZmbXYiLqk4Sc2R6BRxcAEYj8n1X

Score

10^/10

babylonrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

676468f314fed40a1151d580e98226c7_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

676468f314fed40a1151d580e98226c7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

babylonrat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

babylonrat

C2

rdp.netpipe.xyz

Targets

- Target
  
  676468f314fed40a1151d580e98226c7_JaffaCakes118
- Size
  
  566KB
- MD5
  
  676468f314fed40a1151d580e98226c7
- SHA1
  
  65d7707909da6e4d2f7aca130e273613efc2e121
- SHA256
  
  7d0b4123925f27b39f6fa807c5cbe5503a7076d44402f9a1ced682e4b9007c52
- SHA512
  
  33ca83d85f9e692707d9225af75115c71cc286eaebf3289af5b88ad2c6f79873785e42d8575628389b9f9a11dbeda4649755cd44a4b046bae66a6b5076b8c470
- SSDEEP
  
  6144:ZP5sIpfoSB6e/uwxkWaXYikTEuj81k1K4np8c2tcQjvyBW9UCZY1geSgX3RrEOuX:ZOIpfZmbXYiLqk4Sc2R6BRxcAEYj8n1X
Score

10^/10

upx babylonrat trojan
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

babylonrattrojanupx

© 2018-2024

Terms | Privacy