babylonrat | 77c64394f2e7191d28d11392886b109cd5a3c3ac2f704ecae063ea64f6528461 | Triage

Sharing

General

Target

BabylonRAT Builder.7z
Size

4.0MB
Sample

240702-bp4ccavdkn
MD5

79dfdf0cfc349e7f69c42011ade40481
SHA1

7053a467855255c76d8556b50d2ed7af92d89ee0
SHA256

77c64394f2e7191d28d11392886b109cd5a3c3ac2f704ecae063ea64f6528461
SHA512

6dd51a80c030167038d51afb83fc8c9f00719b2c0ad015eaf1903e28264267634bfa031c27db9a51216b6c27a033b9b26d431c3ef0a9374b473443402e53fe5b
SSDEEP

98304:KCCthPqnwfdeRk1Fe+NqNmjJEcF9RX4cVi09PgD79YdG35Mnzrey:KC7nwfdeRke+NqgjJEcnl4cge4DBYd6c

Score

10^/10

babylonrat trojan upx

Malware Config

Targets

- Target
  
  BabylonRAT Builder.7z
- Size
  
  4.0MB
- MD5
  
  79dfdf0cfc349e7f69c42011ade40481
- SHA1
  
  7053a467855255c76d8556b50d2ed7af92d89ee0
- SHA256
  
  77c64394f2e7191d28d11392886b109cd5a3c3ac2f704ecae063ea64f6528461
- SHA512
  
  6dd51a80c030167038d51afb83fc8c9f00719b2c0ad015eaf1903e28264267634bfa031c27db9a51216b6c27a033b9b26d431c3ef0a9374b473443402e53fe5b
- SSDEEP
  
  98304:KCCthPqnwfdeRk1Fe+NqNmjJEcF9RX4cVi09PgD79YdG35Mnzrey:KC7nwfdeRke+NqgjJEcnl4cge4DBYd6c
Score

3^/10
behavioral1 behavioral2
- Target
  
  BuilderBabylonRAT/Babylon RAT/Babylon RAT.exe
- Size
  
  6.7MB
- MD5
  
  aecdce1d7e2a637d1dcacd2b4580487b
- SHA1
  
  d5cd12f7a18d6777c9ec8458694aa3a74fd23701
- SHA256
  
  9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572
- SHA512
  
  8bb5ad64f1b2e75e47c4671396a713018c74c44e84803887c6b4a200ea85f4c020ccfe15211af3899cdcf9d0f46ef994bfd939e462f61062044874f7a64d7a35
- SSDEEP
  
  98304:KbldsCQTcsBL54TRRTk3w0ZIWoPzSSosDlh7OLifNLxu2UVaCS2e7Csb6j9cgl36:GnPsHqRwvoPzSSosDlhCKzi9/2BO4T
Score

10^/10

babylonrat trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  BuilderBabylonRAT/Babylon RAT/Changelog.txt
- Size
  
  3KB
- MD5
  
  05915850d7aedf64ea1142aba7efebc7
- SHA1
  
  c63a05940db27f2bfe9f1e7c8582c21d688c0177
- SHA256
  
  03807f8105ee10266d36784b7716e34c88daca528aeb3c934853153455f01302
- SHA512
  
  96d509efb1af3df03dd2fa67321f7500cc925268e9fe1e61e1a46739a6b08592ac672014dcd137c00393462c80cf73477644ff4c746de44592cf39b8a07beac3
Score

1^/10
behavioral5 behavioral6
- Target
  
  BuilderBabylonRAT/Babylon RAT/ObjectListView.dll
- Size
  
  405KB
- MD5
  
  de9f71635fb8532bd5202086097c2083
- SHA1
  
  6fafef29e6964209122555745a89ba3d1237f762
- SHA256
  
  1fa030cdd98f653fcaa109af5c48f3d58f624aa671a980628397c6c6bc6433be
- SHA512
  
  c82c7d79af86826fbf9f6519fd37c456017af9f77a6b05afa81a823f7a1be8a04bf2fc5ee32175a92803e9d0a34277b655571428cf655dd07abfd9d87f78568d
- SSDEEP
  
  6144:thiBxWw1YQ0K4/INLROMAYnMj108hIrH4puTHgaNe7lVG7UGO0UOP95QvMrLi:thCx11LsI/DtnQ1YrH4puTHgOrL
Score

1^/10
behavioral7 behavioral8
- Target
  
  BuilderBabylonRAT/Babylon RAT/SharpDX.DXGI.dll
- Size
  
  87KB
- MD5
  
  ce9d63a67dc2d2e23b92136c43baa02b
- SHA1
  
  1ea7dc92963778e44f3c045dac707958082179e5
- SHA256
  
  46ee8cc2375cb009c8d85948cfbd0b82e378c756f1eeef95427c45e0ce5b015d
- SHA512
  
  6e169f0d0839532c33495cbb0441801cc31ae3a7e6b5a3236dc8187c8566abeb744a784cf974319caf1820e972b3d00f1bf51e6fa5a608dcaa2c5ac0e7751ff7
- SSDEEP
  
  1536:dgd4T6pv//Ak/taAgZ2Owg28ShSCivO5Ib6VU3x8yFa0H:dgdV3/AdHZRT+ig0H
Score

1^/10
behavioral10 behavioral9
- Target
  
  BuilderBabylonRAT/Babylon RAT/SharpDX.Direct2D1.dll
- Size
  
  225KB
- MD5
  
  ae45e105c17ccf8cd41df6235a7096a7
- SHA1
  
  c5b53247b83ce4ee60e0c6ee724e4bd6beb0f996
- SHA256
  
  c45dd7155f828b9491dc2befd092f7be8d6d43bc37616fd1c9bfd5d8875206be
- SHA512
  
  174784ea15cf6cae8db08bce529fffaf005d94338cff540869214f68ac4e80fb1d4a441a18a57586f7db2a7197347df89df2629f1e3765aebfad47beedc9e7e6
- SSDEEP
  
  3072:h1PS247ZU+Jbs+pVOuR2FJT1OXeIfkfRCgOpsCUYpCUYwOSUg/t2z1A2HxdA0E33:hkC+pKrT1qeIfkME7EhSe5
Score

1^/10
behavioral11 behavioral12
- Target
  
  BuilderBabylonRAT/Babylon RAT/SharpDX.Direct3D10.dll
- Size
  
  174KB
- MD5
  
  93ea6468faf23ad7017e5f1885cf85e9
- SHA1
  
  c25f58172d25c7cdc622355e6db38722760bb9e5
- SHA256
  
  c03a671bbf25a4cca0030aedd352be04e1b75ecc4d88f590057252735322974f
- SHA512
  
  d1c05ae043f90665f9e741c4c1dead821c65004fed5ca0ffd5c557b2245ab5577ce48728a46f56cc66b401f6878e217e6fbdf7f1a0c77d4b333ff9b1256f9a64
- SSDEEP
  
  3072:a8HZkOrSS+EpH/OPSXev8xskvFxvD6IXiVNsGaF/daKa7Zj:lkTMpfOP50xskvFxvD6IXiVNqdaK6
Score

1^/10
behavioral13 behavioral14
- Target
  
  BuilderBabylonRAT/Babylon RAT/SharpDX.dll
- Size
  
  538KB
- MD5
  
  1ede43c66b29696c7c6664b9faf7e5aa
- SHA1
  
  55c1e0a5d0995e7dce2bb07a1ccdfca67c8b9fea
- SHA256
  
  f1f7da12c754215d8ad2a4b987f772722fa575bb34b33856adf5b39b28e3d5ee
- SHA512
  
  0d4da4bd00f54a2a7dc1f2d985f2d65755fd6df0a40f74a312b7c8f9ccf64156b97ce4a36646a4fc373e0fadd42355dedd5ad9177cfc20a636e23cb452e315aa
- SSDEEP
  
  6144:+Ibd7KIBofkCPfAVdX4e0RrSgTFW4rg6KSyhlEaoksQiyqFKW0mhuPPZ:dblEPfAVd1OG4csOeabE0mQ
Score

1^/10
behavioral15 behavioral16
- Target
  
  BuilderBabylonRAT/Babylon RAT/Theme.dll
- Size
  
  87KB
- MD5
  
  2b61363f4f52a821908efb18d7a9bcb4
- SHA1
  
  7ea57f6afb82a003289ee2461121c347e8362ecc
- SHA256
  
  5138867aa5100c833faddba8ff8f0e5c61a535b8c34ef367cb3f095f56cd6521
- SHA512
  
  7ee8c751afab022e0e0de480838274ee2f4bfd637e45dbd9998ff6e9aca582a9ac14e86ebc96a913e321bd674a77234e90b747d43755deafaadc6bcb894cacfc
- SSDEEP
  
  1536:s8O+YIDwzYKtrhOFCzj6MqAqHCGLAMhng70L6eTsDmL:zG6MqpHPLPh1DzL
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

babylonrattrojanupx

behavioral4

babylonrattrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18