babylonrat | 761c15ae1628af04e552eab0fc10f2e315ac73aaaf255f050104b3fcf624f976

Sharing

Copy URL

Twitter E-mail

General

Target

Babylon 1.6.0.0.zip
Size

5.1MB
Sample

240629-ya8d3sthmb
MD5

0a700ae0d284251295eeb15ce5e6031e
SHA1

1de9a2ae0302399f4c2b5cef75bd59867b56e957
SHA256

761c15ae1628af04e552eab0fc10f2e315ac73aaaf255f050104b3fcf624f976
SHA512

c0916f382c054082f2cb01fef62f94b998f5dca3dba714d4a1acf84e96490dc0edc18d675465f6bc9cf411fc57d82f268829d837bc1c52a3a46f375b3a98fda9
SSDEEP

98304:PpRL02s5mslSpYwRIB4oPhSAysF/J/XY517rHqKGNihD2bCgHqeh6h2BEgo:PpfskCwRZoPhSAysF/J/+170ihS2g/h6

Score

10^/10

Malware Config

Targets

- Target
  
  Babylon 1.6.0.0/Babylon RAT.exe
- Size
  
  6.7MB
- MD5
  
  aecdce1d7e2a637d1dcacd2b4580487b
- SHA1
  
  d5cd12f7a18d6777c9ec8458694aa3a74fd23701
- SHA256
  
  9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572
- SHA512
  
  8bb5ad64f1b2e75e47c4671396a713018c74c44e84803887c6b4a200ea85f4c020ccfe15211af3899cdcf9d0f46ef994bfd939e462f61062044874f7a64d7a35
- SSDEEP
  
  98304:KbldsCQTcsBL54TRRTk3w0ZIWoPzSSosDlh7OLifNLxu2UVaCS2e7Csb6j9cgl36:GnPsHqRwvoPzSSosDlhCKzi9/2BO4T
Score

10^/10

babylonrat trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Babylon 1.6.0.0/ObjectListView.dll
- Size
  
  405KB
- MD5
  
  de9f71635fb8532bd5202086097c2083
- SHA1
  
  6fafef29e6964209122555745a89ba3d1237f762
- SHA256
  
  1fa030cdd98f653fcaa109af5c48f3d58f624aa671a980628397c6c6bc6433be
- SHA512
  
  c82c7d79af86826fbf9f6519fd37c456017af9f77a6b05afa81a823f7a1be8a04bf2fc5ee32175a92803e9d0a34277b655571428cf655dd07abfd9d87f78568d
- SSDEEP
  
  6144:thiBxWw1YQ0K4/INLROMAYnMj108hIrH4puTHgaNe7lVG7UGO0UOP95QvMrLi:thCx11LsI/DtnQ1YrH4puTHgOrL
Score

1^/10
behavioral2
- Target
  
  Babylon 1.6.0.0/SharpDX.DXGI.dll
- Size
  
  87KB
- MD5
  
  ce9d63a67dc2d2e23b92136c43baa02b
- SHA1
  
  1ea7dc92963778e44f3c045dac707958082179e5
- SHA256
  
  46ee8cc2375cb009c8d85948cfbd0b82e378c756f1eeef95427c45e0ce5b015d
- SHA512
  
  6e169f0d0839532c33495cbb0441801cc31ae3a7e6b5a3236dc8187c8566abeb744a784cf974319caf1820e972b3d00f1bf51e6fa5a608dcaa2c5ac0e7751ff7
- SSDEEP
  
  1536:dgd4T6pv//Ak/taAgZ2Owg28ShSCivO5Ib6VU3x8yFa0H:dgdV3/AdHZRT+ig0H
Score

1^/10
behavioral3
- Target
  
  Babylon 1.6.0.0/SharpDX.Direct2D1.dll
- Size
  
  225KB
- MD5
  
  ae45e105c17ccf8cd41df6235a7096a7
- SHA1
  
  c5b53247b83ce4ee60e0c6ee724e4bd6beb0f996
- SHA256
  
  c45dd7155f828b9491dc2befd092f7be8d6d43bc37616fd1c9bfd5d8875206be
- SHA512
  
  174784ea15cf6cae8db08bce529fffaf005d94338cff540869214f68ac4e80fb1d4a441a18a57586f7db2a7197347df89df2629f1e3765aebfad47beedc9e7e6
- SSDEEP
  
  3072:h1PS247ZU+Jbs+pVOuR2FJT1OXeIfkfRCgOpsCUYpCUYwOSUg/t2z1A2HxdA0E33:hkC+pKrT1qeIfkME7EhSe5
Score

1^/10
behavioral4
- Target
  
  Babylon 1.6.0.0/SharpDX.Direct3D10.dll
- Size
  
  174KB
- MD5
  
  93ea6468faf23ad7017e5f1885cf85e9
- SHA1
  
  c25f58172d25c7cdc622355e6db38722760bb9e5
- SHA256
  
  c03a671bbf25a4cca0030aedd352be04e1b75ecc4d88f590057252735322974f
- SHA512
  
  d1c05ae043f90665f9e741c4c1dead821c65004fed5ca0ffd5c557b2245ab5577ce48728a46f56cc66b401f6878e217e6fbdf7f1a0c77d4b333ff9b1256f9a64
- SSDEEP
  
  3072:a8HZkOrSS+EpH/OPSXev8xskvFxvD6IXiVNsGaF/daKa7Zj:lkTMpfOP50xskvFxvD6IXiVNqdaK6
Score

1^/10
behavioral5
- Target
  
  Babylon 1.6.0.0/SharpDX.dll
- Size
  
  538KB
- MD5
  
  1ede43c66b29696c7c6664b9faf7e5aa
- SHA1
  
  55c1e0a5d0995e7dce2bb07a1ccdfca67c8b9fea
- SHA256
  
  f1f7da12c754215d8ad2a4b987f772722fa575bb34b33856adf5b39b28e3d5ee
- SHA512
  
  0d4da4bd00f54a2a7dc1f2d985f2d65755fd6df0a40f74a312b7c8f9ccf64156b97ce4a36646a4fc373e0fadd42355dedd5ad9177cfc20a636e23cb452e315aa
- SSDEEP
  
  6144:+Ibd7KIBofkCPfAVdX4e0RrSgTFW4rg6KSyhlEaoksQiyqFKW0mhuPPZ:dblEPfAVd1OG4csOeabE0mQ
Score

1^/10
behavioral6
- Target
  
  Babylon 1.6.0.0/Theme.dll
- Size
  
  87KB
- MD5
  
  2b61363f4f52a821908efb18d7a9bcb4
- SHA1
  
  7ea57f6afb82a003289ee2461121c347e8362ecc
- SHA256
  
  5138867aa5100c833faddba8ff8f0e5c61a535b8c34ef367cb3f095f56cd6521
- SHA512
  
  7ee8c751afab022e0e0de480838274ee2f4bfd637e45dbd9998ff6e9aca582a9ac14e86ebc96a913e321bd674a77234e90b747d43755deafaadc6bcb894cacfc
- SSDEEP
  
  1536:s8O+YIDwzYKtrhOFCzj6MqAqHCGLAMhng70L6eTsDmL:zG6MqpHPLPh1DzL
Score

1^/10
behavioral7
- Target
  
  Babylon 1.6.0.0/server.exe
- Size
  
  355KB
- MD5
  
  b3959d510f716ea5e7eac3dfecb960b2
- SHA1
  
  376752bd404952b7d960b0c35051c9d1f78bd1e6
- SHA256
  
  40bb9963dfa7bef8169b8746bcb894cd53586c3d2f4316eb6cebb242f49be1ef
- SHA512
  
  d7678287f5850397ce05a2711da1cd682ecb5c9c39c18d1fae01f0aa6cf786d1f110887ab2bf27cd93316c416a09f87161a9a32b6f149d572ee5ccccd24aaa8d
- SSDEEP
  
  6144:+L1ncfWwN0oc35jeRh8Xqfy/Ka1OHAH0tMrKCTEABG+Z9d3cQT/9nR4Ioy19:+LdcfxaeM6fy/KaVUtgKkTZ73coNRJ
Score

10^/10

babylonrat trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Babylon RAT

Checks computer location settings

Executes dropped EXE

UPX packed file

Babylon RAT

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8