Analysis

  • max time kernel
    131s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64  arch:x86  image:win7-20240708-en  locale:en-us  os:windows7-x64  system
  • submitted
    28/08/2024, 11:53 UTC

General

  • Target

    PDFview.exe

  • Size

    301.0MB

  • MD5

    bc598aa0d798948e0d1a9184e0e4be5e

  • SHA1

    8c20b018a33092be4b73c569380ae463d956aec1

  • SHA256

    77e22b511cd236cae46f55e50858aea174021a1cd431beaa5e7839a9d062e4c7

  • SHA512

    822f98b256dd75cbfe4ab720cacff4b60cfa18922ac259e8cb99cf57cb8b7ec6e69df9c6ba8179d19001c16aaea9f546ec17ac43b6c19f4de924a98d68eb0ab2

  • SSDEEP

    6291456:iIVKn0F7r0SL1Q2VlTstG5AP6dRM9o/bILtQXIEqpIc32:iIInAfd5z4sZdRBMOXtq2cm

Malware Config

Extracted

Family

babylonrat

C2

64.176.65.152

Signatures

  • Babylon RAT

    Babylon RAT is a remote access trojan written in C++.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim host in order to infer its geographical location.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
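The "UPX packed file" signature above fires on header features of the dropped executable. The following is an added example, not part of this report and not the sandbox's own signature logic: a minimal PE header walker that applies the two cheapest UPX checks (known section names, and the "UPX!" marker UPX leaves just after the section table) to constructed in-memory PE skeletons. The section-name list and the 4 KiB search window for the marker are assumptions chosen for the example.

```python
import struct

# Section names written by stock UPX, plus two variants seen in patched builds.
# This list is an assumption for the example, not the sandbox's own signature.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}

def pe_section_names(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the raw 8-byte section names with NUL padding stripped."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        names.append(image[off:off + 8].rstrip(b"\0"))
    return names

def upx_indicators(image: bytes) -> dict:
    """Two independent signals: known section names, and the 'UPX!' marker that
    UPX writes into the header area right after the section table."""
    names = pe_section_names(image)
    return {
        "sections": [n for n in names if n in UPX_SECTION_NAMES],
        "magic": b"UPX!" in image[:4096],
    }

def is_upx_packed(image: bytes) -> bool:
    ind = upx_indicators(image)
    return bool(ind["sections"]) or ind["magic"]

def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal PE32 header skeleton with the given
    section names. It is not loadable; only the fields the parser reads are set."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xE0               # SizeOfOptionalHeader for PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(optional), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + trailer

if __name__ == "__main__":
    for label, img in [
        ("stock upx", build_pe([b"UPX0", b"UPX1", b".rsrc"], b"UPX!")),
        ("sections renamed, marker left", build_pe([b".text", b".data"], b"UPX!")),
        ("plain build", build_pe([b".text", b".rdata", b".data"])),
    ]:
        print(f"{label:30} packed={is_upx_packed(img)} {upx_indicators(img)}")
```

Both signals are trivial to remove from a modified UPX build, which is why a real triage pipeline also looks at section entropy, the raw-size/virtual-size ratio of the first section, and a near-empty import table; a sample that strips the names and the marker will pass this check and still be packed.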

Processes

  • C:\Users\Admin\AppData\Local\Temp\PDFview.exe
    "C:\Users\Admin\AppData\Local\Temp\PDFview.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1712

Network

  • 64.176.65.152:443  PDFview.exe  152 B  3
  • 64.176.65.152:443  PDFview.exe  152 B  3
  • 64.176.65.152:443  PDFview.exe  152 B  3
  • 64.176.65.152:443  PDFview.exe  152 B  3
  • 64.176.65.152:443  PDFview.exe  152 B  3
  • 64.176.65.152:443  PDFview.exe  152 B  3
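The Network section shows the same process opening six connections to the extracted C2 address on 443, each moving exactly 152 bytes. That pattern (many small, same-sized connections from one process to one destination) is the simplest check-in heuristic a detection engineer would write. The following is an added example, not part of this report or of the sandbox: it parses rows laid out like the ones above, then groups and scores them. The row format, the three benign rows, and the thresholds are constructed assumptions for the example.

```python
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    process: str
    dst_ip: str
    dst_port: int
    nbytes: int

UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
ROW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<proc>\S+)\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s*(?P<unit>B|KB|MB)\b"
)

def parse_row(line: str):
    """Parse one 'ip:port  process  size  ...' row; trailing columns are ignored."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    return Flow(m["proc"], m["ip"], int(m["port"]),
                int(float(m["size"]) * UNIT[m["unit"]]))

# Constructed input: the six rows from this report plus three invented benign
# rows (chrome.exe / svchost.exe) so the heuristic has something to ignore.
SAMPLE_ROWS = ["64.176.65.152:443  PDFview.exe  152 B  3"] * 6 + [
    "93.184.216.34:443  chrome.exe  18.2 KB  41",
    "93.184.216.34:443  chrome.exe  2.1 KB  9",
    "13.107.4.50:80  svchost.exe  512 B  2",
]

def beacon_candidates(flows, min_connections=4, max_mean_bytes=1024, max_cv=0.10):
    """Group flows by (process, destination) and flag groups made of many small,
    near-identical connections: repeated check-ins rather than a real download.
    Thresholds are assumptions for the example."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.process, f.dst_ip, f.dst_port)].append(f.nbytes)
    hits = []
    for (proc, ip, port), sizes in groups.items():
        if len(sizes) < min_connections:
            continue
        mean = statistics.mean(sizes)
        if mean > max_mean_bytes:
            continue
        cv = statistics.pstdev(sizes) / mean if mean else 0.0   # size jitter
        if cv <= max_cv:
            hits.append({"process": proc, "dst": f"{ip}:{port}",
                         "count": len(sizes), "mean_bytes": mean, "cv": round(cv, 3)})
    return hits

def scan(rows):
    flows = [f for f in map(parse_row, rows) if f is not None]
    return beacon_candidates(flows)

if __name__ == "__main__":
    for hit in scan(SAMPLE_ROWS):
        print(hit)
```

A sandbox run this short gives no inter-arrival times, so the heuristic keys on size regularity alone; on live telemetry you would add timing jitter to the score. Note also that if 152 B is the whole exchange, it is far too small to carry a TLS handshake that delivers a certificate, so the choice of port 443 says nothing about the protocol actually in use and the payload is worth capturing.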

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1712-0-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-1-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-2-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-6-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-4-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-3-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-7-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
  • memory/1712-9-0x00000000004C0000-0x000000000058A000-memory.dmp  Filesize: 808KB
