babylonrat | d3c2fc4b4c95b10edf25c7321e59ee0aa747432dc2cf7fd719d0046aa62103fe

Analysis

max time kernel
23s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 21:15

Target

Babylon-RAT.exe
Size

4.6MB
MD5

e2a98acbc9fad38b4e919fbd79c12b38
SHA1

68564ddbe217f713cdf7a5c186c7d7cf6200680e
SHA256

d3c2fc4b4c95b10edf25c7321e59ee0aa747432dc2cf7fd719d0046aa62103fe
SHA512

058b1acf064feed82bdcdb74f2049ec761a75ca8f0732866cab446b4fa96ac580c972642cd117747dea4c968b6eb6c16182a07e95092ff8d687003c8e63993ab
SSDEEP

49152:H5jczOiYgLIAL5aLUqmsRQJ5oc36KVOrY8i3CE36Ocs0GUEI/dx:Ri7IA5Qfmboc366oi3Z3uhh/H

Score

10^/10

babylonrat trojan

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Suspicious use of FindShellTrayWindow 3 IoCs

Suspicious use of SendNotifyMessage 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 1448	3328	cmd.exe	99
PID 3328 wrote to memory of 1448	3328	cmd.exe	99
PID 3328 wrote to memory of 5004	3328	cmd.exe	100
PID 3328 wrote to memory of 5004	3328	cmd.exe	100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4188

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Users\Admin\AppData\Local\Temp\Babylon-RAT.exe
  Babylon-RAT.exe
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1448
- C:\Users\Admin\AppData\Local\Temp\Babylon-RAT.exe
  Babylon-RAT.exe
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5004

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Babylon-RAT.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
memory/1448-6-0x00007FF99BF93000-0x00007FF99BF95000-memory.dmp

Filesize
8KB

Download
memory/1448-8-0x00007FF99BF90000-0x00007FF99CA51000-memory.dmp

Filesize
10.8MB

Download
memory/4272-0-0x00007FF99E433000-0x00007FF99E435000-memory.dmp

Filesize
8KB

Download
memory/4272-1-0x00000000000F0000-0x0000000000152000-memory.dmp

Filesize
392KB

Download
memory/4272-2-0x000000001AE50000-0x000000001B61E000-memory.dmp

Filesize
7.8MB

Download
memory/4272-4-0x00007FF99E430000-0x00007FF99EEF1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-5-0x00007FF99E430000-0x00007FF99EEF1000-memory.dmp

Filesize
10.8MB

Download