Extracted

• • Target

    23b101ef7ee302d8ef4fb86266343f54a7d1250080a68b3aad7f7fd1bdb78358

  • Size

    2.3MB

  • MD5

    86b78d0385dcd977ec0bb2d65a11611d

  • SHA1

    d756ae4d08c2bff65455a0a4699436594cb57396

  • SHA256

    23b101ef7ee302d8ef4fb86266343f54a7d1250080a68b3aad7f7fd1bdb78358

  • SHA512

    7ae019ab651ec23b3b98bb86af992e2cc44bb5dbec3d8f29278d2fb994fcca679842b23e985b4361af9ebe47771dc989a8aac2a4c2392acf4cfed4e1c36f83c9

  • SSDEEP

    24576:x1r43sfARB7U4kieI1SqjEDKcSrJIvJiu/AxWt+:Pr43o67TrXIqjbcS6vJT6Wt+

  Score

  10^/10

  babylonratdiscoverypersistencetrojan

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Babylonrat family

    babylonrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2