Extracted

• • Target

    3004ccb109a29d66697eece46e437bfbd3a78aa801a8eb998d05d8774cc7528d

  • Size

    2.3MB

  • MD5

    680aedcf312e4ae1d5929cff6404d047

  • SHA1

    b3199984d0ae28d4b09e31544361d0e693524160

  • SHA256

    3004ccb109a29d66697eece46e437bfbd3a78aa801a8eb998d05d8774cc7528d

  • SHA512

    eeb2b25c0f6e873ca04546fc19a1000313ea917c098dd18599398f25747349c6e84a7e744bdd1f80c4b70b2243a4e46f7c620c04b46cc74c89348263c20e4b83

  • SSDEEP

    24576:x1r43sfARB7U4kieI1SqjEDKcSrJIvJiu/AxWtn:Pr43o67TrXIqjbcS6vJT6Wtn

  Score

  10^/10

  babylonratdiscoverypersistencetrojan

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Babylonrat family

    babylonrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2