babylonrat | a4aac1323e3a175a3bc3b49176a364a00cde6fc55ef3bfbdb6e65be197d313cf

Sharing

Copy URL

Twitter E-mail

General

Target

d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.zip
Size

301.1MB
Sample

240828-r554wathpm
MD5

61e2a9f5bbb30eb36c0928ed90ce6ae6
SHA1

75660065783aeb0f5addb4c73b927ba0b4455769
SHA256

a4aac1323e3a175a3bc3b49176a364a00cde6fc55ef3bfbdb6e65be197d313cf
SHA512

cf3c4c4c326dfc4f096039191bcee32cdf981b4492b8ffac95839889c63fa701e1a3e7a965e4642f55f5a0a85798596c98a96fb558fcdf9cfe10c1eda2fe775a
SSDEEP

6291456:UtfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44iL:Kfdapc6FEWk5rei8L43L

Score

10^/10

Malware Config

Extracted

Family

babylonrat

149.28.19.207

fund.sekretariatparti.org

Targets

- Target
  
  d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.zip
- Size
  
  301.1MB
- MD5
  
  61e2a9f5bbb30eb36c0928ed90ce6ae6
- SHA1
  
  75660065783aeb0f5addb4c73b927ba0b4455769
- SHA256
  
  a4aac1323e3a175a3bc3b49176a364a00cde6fc55ef3bfbdb6e65be197d313cf
- SHA512
  
  cf3c4c4c326dfc4f096039191bcee32cdf981b4492b8ffac95839889c63fa701e1a3e7a965e4642f55f5a0a85798596c98a96fb558fcdf9cfe10c1eda2fe775a
- SSDEEP
  
  6291456:UtfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44iL:Kfdapc6FEWk5rei8L43L
Score

10^/10

babylonrat discovery execution link pdf persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f/PANDUAN_PENGGUNA_MyKHAS.lnk
- Size
  
  3KB
- MD5
  
  843154177ad124c22d0107ea786b82f8
- SHA1
  
  c0d80dfd81bd6b59ae8effad3e2e643da93becb9
- SHA256
  
  b9dddf801db527b3895409443fadeeced176b3ccac220395f700e91b151076b0
- SHA512
  
  527291e9d492b0891277a9fdf13e5dcd41aed2fb993ba8c3eaa9a3adc42393548f9f3e0b39ead176087949787aa2bc407c6512684be4c3913702d6abf1a947a8
Score

10^/10

babylonrat discovery execution persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f/PANDUAN_PENGGUNA_MyKHAS.pdf
- Size
  
  378KB
- MD5
  
  70588b0f7d0c41eaf361dec75814dee5
- SHA1
  
  ed9a1f824a751ed45ab974c7c7d918edc1854be0
- SHA256
  
  ccaab434da496d577632664aa7752dea2e66870b470fec7b44957425be4a6db3
- SHA512
  
  eaeeb28e2eb182b85b1d9ddbeaddd95414d087360c3258053e1560d21e396e39b81a9f6dc77f31aee0415d58f1ea6a02f79e4faf04d81726c35ac9fcf4fd5048
- SSDEEP
  
  6144:DlDpxoBOXnHBq4TkrZ/IUOF3pixCbkwrbw6Bi4eFZV7NkuM4dfgBhf6OXLKzZ:vxoBOXnHfTw/U3ExXsw6BS7Ni4taSO7O
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f/PANDUAN_PENGGUNA_MyKHAS.ps1
- Size
  
  627B
- MD5
  
  e7d2e1452702bc0de5a92e745dbdc4a9
- SHA1
  
  da8e9f9f43e29f02e5a0332239f38416f4dff844
- SHA256
  
  b348935e378b57001e6b41d96ae498ca00dd9fb296115a4e036dad8ccc7155d3
- SHA512
  
  28d2c9690f5f104e73404fa025bb09ca3c189b968716ac25f06f3e5c09ad719b17dc5319035f4172e91bb1c74797a4137f2a81f226f0d6ed25a900d1ba1b1293
Score

10^/10

babylonrat discovery execution persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f/controller.exe
- Size
  
  300.8MB
- MD5
  
  a17a1666f47953d6e505182909c74170
- SHA1
  
  b1054b4702ff9b112dfdf8ce40f0fdf399ba8a95
- SHA256
  
  f21ae37cb39658a62c9aaa945eb4dc2b33aebe4afeb5374d36328589a53e0982
- SHA512
  
  406734af8e7feb8a0736740295a25734cf12e89fb0e8785d33199debe2ce49a6d33bf8f4a7d6bc73b9ae1f91d288a77af41e204c8e61be59c64d153b0e7642db
- SSDEEP
  
  6291456:etfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44iC:Qfdapc6FEWk5rei8L43C
Score

10^/10

babylonrat discovery trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babylon RAT

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Adds Run key to start application

Babylon RAT

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

UPX packed file

Adds Run key to start application

Babylon RAT

Executes dropped EXE

UPX packed file

Adds Run key to start application

Babylon RAT

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10