Analysis
max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-07-2024 00:59
Behavioral task: behavioral1
Sample: download.bin.exe
Resource: win7-20240708-en (windows7-x64)
4 signatures, 150 seconds
Behavioral task: behavioral2
Sample: download.bin.exe
Resource: win10v2004-20240709-en (windows10-2004-x64)
4 signatures, 150 seconds
General
Target: download.bin.exe
Size: 1.8MB
MD5: b484746a2fc6397abda9757fc3f978f3
SHA1: aaac8e51a69e27fc05ac2e3bde232fafaf638526
SHA256: 57b5a6c752a24058eb51cb09a2a031f6a618ac0da644e1f91646aa088613b34b
SHA512: 0eee94ebdf51373014e1097dc5aa9a62dc73fe4b890a5960b06b3113dac14ecb047d276a37a6380efc5f4f8256abfcac531fc7d066ee68fcea8a9ce1dcc419ba
SSDEEP: 49152:F6j0TvZzNlNk3w00SZxJVgQXB/amVWP4AVcPI:o4TRRTk3w0z7yPRVcP
Score: 10/10
Malware Config
Signatures
Babylon RAT
Babylon RAT is a remote access trojan written in C++.
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 1508, process download.bin.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs)
Token: SeShutdownPrivilege, pid 1508, process download.bin.exe
Token: SeDebugPrivilege, pid 1508, process download.bin.exe
Token: SeTcbPrivilege, pid 1508, process download.bin.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
pid 1508, process download.bin.exe