Overview

overview

10

Static

static

3

40d74a5a02...18.exe

windows7-x64

10

40d74a5a02...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40d74a5a028765d158afa53a9cf69556_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241013-trk8navhmg

  • MD5

    40d74a5a028765d158afa53a9cf69556

  • SHA1

    20e36e3f82d725430c46a752b46b11b9e2342272

  • SHA256

    12a3610e72a00b67a86780d45e2bd0e38d41144275b352247232d47282567384

  • SHA512

    93321752dfaf1da0ae4217ad41e9eaa86f74e2e6acc3f2e8bcd0cbf18eba460635ef003b58708344fbf21ca2e76bebf26f2ec1b0f42148d6cab7625d9bb00c51

  • SSDEEP

    24576:ZSQHqj7vff5cIymms7K9OpkToGGTNd2+EHJnl+GyDDr4+os9V/WGNMx7lM/v3Q+j:ZSQK3mIyml7lZT321H5lDyDn4s9ZBvAK

Score
10/10
babylonratdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      40d74a5a028765d158afa53a9cf69556_JaffaCakes118

    • Size

      1.3MB

    • MD5

      40d74a5a028765d158afa53a9cf69556

    • SHA1

      20e36e3f82d725430c46a752b46b11b9e2342272

    • SHA256

      12a3610e72a00b67a86780d45e2bd0e38d41144275b352247232d47282567384

    • SHA512

      93321752dfaf1da0ae4217ad41e9eaa86f74e2e6acc3f2e8bcd0cbf18eba460635ef003b58708344fbf21ca2e76bebf26f2ec1b0f42148d6cab7625d9bb00c51

    • SSDEEP

      24576:ZSQHqj7vff5cIymms7K9OpkToGGTNd2+EHJnl+GyDDr4+os9V/WGNMx7lM/v3Q+j:ZSQK3mIyml7lZT321H5lDyDn4s9ZBvAK

    Score
    10/10
    babylonratdiscoverypersistencetrojan

    • Babylon RAT

      Babylon RAT is remote access trojan written in C++.

      trojanbabylonrat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks