babylonrat | 80d4bbe7928b802bad4d3a380a84be956c29e332b9e8239bfe3efba627bb0ddc

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Babylon RAT/Babylon RAT.exe
Size

6.7MB
MD5

aecdce1d7e2a637d1dcacd2b4580487b
SHA1

d5cd12f7a18d6777c9ec8458694aa3a74fd23701
SHA256

9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572
SHA512

8bb5ad64f1b2e75e47c4671396a713018c74c44e84803887c6b4a200ea85f4c020ccfe15211af3899cdcf9d0f46ef994bfd939e462f61062044874f7a64d7a35
SSDEEP

98304:KbldsCQTcsBL54TRRTk3w0ZIWoPzSSosDlh7OLifNLxu2UVaCS2e7Csb6j9cgl36:GnPsHqRwvoPzSSosDlhCKzi9/2BO4T

Score

10^/10

babylonrat discovery trojan

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Babylon RAT.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Babylon RAT.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Babylon RAT.exe

pid process

1996 Babylon RAT.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Babylon RAT.exe

pid process

1996 Babylon RAT.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Babylon RAT.exe

pid	process
1996	Babylon RAT.exe

pid	process
1996	Babylon RAT.exe

C:\Users\Admin\AppData\Local\Temp\Babylon RAT\Babylon RAT.exe
"C:\Users\Admin\AppData\Local\Temp\Babylon RAT\Babylon RAT.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-0-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/1996-1-0x0000000001170000-0x0000000001832000-memory.dmp

Filesize
6.8MB

Download
memory/1996-2-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-3-0x0000000000420000-0x000000000043E000-memory.dmp

Filesize
120KB

Download
memory/1996-4-0x00000000004D0000-0x000000000053C000-memory.dmp

Filesize
432KB

Download
memory/1996-5-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-6-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-7-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/1996-8-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-9-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download