babylonrat | 82d7f059608bbf6bf8112dfaa2cfae570b4fa68aa56f3b48cd3673212fa19c52 | Triage

Sharing

General

Target

2024-06-26_4c7afbccecb19ce4ed453f9c65fd36f1_poet-rat_snatch
Size

4.8MB
Sample

240626-rq1kvaycmg
MD5

4c7afbccecb19ce4ed453f9c65fd36f1
SHA1

42bea032c04be5ad23ee33209d710365afbaba62
SHA256

82d7f059608bbf6bf8112dfaa2cfae570b4fa68aa56f3b48cd3673212fa19c52
SHA512

914dd71f49e12d2c3f1928903c4903af0b40d3b50f7e7be313b8923a91bf6b6f544be6b100f8a20c709275612d21a5f898e4b6bb60cc70903f1559606c956d46
SSDEEP

49152:1ur1PwvIyeo+j+E5p9vTiOHWdC9hHbxCM5Ems3pQMLxA7y:qVo+jXJzWdC9lXEmBMN3

Score

10^/10

babylonrat execution trojan

Malware Config

Extracted

Family

babylonrat

C2

147.185.221.20

Targets

- Target
  
  2024-06-26_4c7afbccecb19ce4ed453f9c65fd36f1_poet-rat_snatch
- Size
  
  4.8MB
- MD5
  
  4c7afbccecb19ce4ed453f9c65fd36f1
- SHA1
  
  42bea032c04be5ad23ee33209d710365afbaba62
- SHA256
  
  82d7f059608bbf6bf8112dfaa2cfae570b4fa68aa56f3b48cd3673212fa19c52
- SHA512
  
  914dd71f49e12d2c3f1928903c4903af0b40d3b50f7e7be313b8923a91bf6b6f544be6b100f8a20c709275612d21a5f898e4b6bb60cc70903f1559606c956d46
- SSDEEP
  
  49152:1ur1PwvIyeo+j+E5p9vTiOHWdC9hHbxCM5Ems3pQMLxA7y:qVo+jXJzWdC9lXEmBMN3
Score

10^/10

babylonrat execution trojan
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

babylonratexecutiontrojan