General
Target: 98cc23413643687bdbde05711e7a15b557db096668d34d662d1b9c4f2fea4243
Size: 2.3MB
Sample: 241023-3fs9kawgmm
MD5: a7997c11504545455fe1961f22f0dc9b
SHA1: 81319019760243ea119966bdde1a9afae01009cc
SHA256: 98cc23413643687bdbde05711e7a15b557db096668d34d662d1b9c4f2fea4243
SHA512: be089fff0dc8300356f57d8504c849b333974501b2bb00786030ecdb1a548a9d31e77d687feaa223ee23c2ddd0b1be6f4136c6934c622db69c5a278f9b8137d1
SSDEEP: 24576:x1r43sfARB7U4kieI1SqjEDKcSrJIvJiu/AxWtV:Pr43o67TrXIqjbcS6vJT6WtV
Static task: static1
Behavioral task: behavioral1
  Sample: 98cc23413643687bdbde05711e7a15b557db096668d34d662d1b9c4f2fea4243.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 98cc23413643687bdbde05711e7a15b557db096668d34d662d1b9c4f2fea4243.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: babylonrat
  doddyfire.dyndns.org
  doddyfire.linkpc.net
Targets
Target: 98cc23413643687bdbde05711e7a15b557db096668d34d662d1b9c4f2fea4243
Score: 10/10
  Checks computer location settings (looks up country code configured in the registry, likely geofence)
  Executes dropped EXE
  Loads dropped DLL
  Uses the VBS compiler for execution
  Adds Run key to start application
  Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)