General

  • Target

    7a8568882b188cb6262216906b127025_JaffaCakes118

  • Size

    590KB

  • Sample

    240527-zwjhhsbb58

  • MD5

    7a8568882b188cb6262216906b127025

  • SHA1

    bcf84768b4b9538554026da8a575a87304d4050b

  • SHA256

    7dc909cd2f5c8bc69358416320010d634a0e123cf5ef5152cb6fac139b397e7e

  • SHA512

    0647aa110c04718858ab06be0ef2ce03c3e8090c4b2cb8cdf55e0cf0ffe59fa9597d86de9887055a64394a38f8a8400aa30e87f379fc5e815d6551c24c7059f6

  • SSDEEP

    12288:H24Cqbnp7/OP/6D54YQRTGkcx4v9csrXndd0:W4C8p+9f6nW1Hrw

Score
10/10

Malware Config

Extracted

Family

babylonrat

C2

rdp.netpipe.xyz

Targets

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks