Behavioral task: behavioral1
Sample: babaya new.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: babaya new.exe
Resource: win10v2004-20241007-en
General
Target: babaya new.exe
Size: 78KB
MD5: 7209d6899561c71ca335c2d795d67ae3
SHA1: eb5685dbd5db4d2800649dc3fcc57b9a6917d09a
SHA256: 7f63a4691f7d818ef1868d269d38862c0a19dcda170cdb5dd8788d8d451a548c
SHA512: cab4cb58746ff45766fd1566e6a3879d5ff85c759ee620fca9d305dfdd85a8c526d1b296683541821b87bd00e6b678a046d5c9c4b7d7badcb8386b4db8029e92
SSDEEP: 1536:K2WjO8XeEXF15P7v88wbjNrfxCXhRoKV6+V+VPIC:KZb5PDwbjNrmAE+FIC
Malware Config
Extracted
discordrat
discord_token: https://discord.com/api/webhooks/1296206480852127744/QR0Ij0ivxObUlFMF780C3YZ5TxjdP8PCuVx-iht_GGwTaj8HwwmhOy18jEHc0UiQWQO2
server_id: 1296206452741902457
Signatures
Discordrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource babaya new.exe
Files
babaya new.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ