General

  • Target

    e4ecc1818dda92598b5578018756e19b_JaffaCakes118

  • Size

    370KB

  • Sample

    241212-f9rw9ssldz

  • MD5

    e4ecc1818dda92598b5578018756e19b

  • SHA1

    4c8b18bca76777400c2caafa7b526beb8629a586

  • SHA256

    27d05a75f5b411a4872983603c06bbdb1851405fb000367b35bb7988d46e069d

  • SHA512

    ad54df235426da05ae2abb9011ea320e3bcbae72b624121a0cd5f34cfeabbb82956eea96f92cbd2ab1727cddb5eb5201f1bb057b340344131f47b481cf851ce8

  • SSDEEP

    6144:hfsgAWn6RSkO4wMFMbuhVC2oUlDgvSJhWS/D0rLseQ5tF4oHYf1/4bkLr0kGfiMn:hkgAjRS6LFMew4gqd/4r5QR4iYd/4bkg

Malware Config

Extracted

Family

babylonrat

C2

ribbity1.duckdns.org

ribbity2.duckdns.org
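The two C2 hostnames above are the most directly actionable indicators on this page. The following is an added example, not part of the sandbox report or of the malware: a small Python matcher that pulls query names out of dnsmasq-style resolver log lines, normalizes them (case, trailing dot) and reports exact C2 hits as high confidence. It also flags other names under the same dynamic-DNS parent as low confidence; that parent-domain rule is an analyst judgement added here, not a finding of the report. The log lines and client addresses are constructed for the demo.

```python
import re
from collections import namedtuple

# C2 hostnames from the Babylon RAT config extracted above.
C2_DOMAINS = {"ribbity1.duckdns.org", "ribbity2.duckdns.org"}
# The C2 sits under a free dynamic-DNS service; other names under the same parent
# are weaker evidence worth a look (analyst judgement, not a claim made by the report).
DYNDNS_PARENTS = {"duckdns.org"}

Hit = namedtuple("Hit", "client qname confidence")

# dnsmasq-style query line, e.g. "query[A] host.example from 10.0.0.5"
QUERY_RE = re.compile(r"query\[(?P<rtype>[A-Z]+)\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)")


def normalize(name):
    """Lower-case and strip the trailing dot so 'Ribbity1.DuckDNS.org.' matches the IOC."""
    return name.rstrip(".").lower()


def classify(qname):
    """'high' for an exact C2 match, 'low' for a sibling under a flagged parent, else None."""
    name = normalize(qname)
    if name in C2_DOMAINS:
        return "high"
    labels = name.split(".")
    # Match on label boundaries: 'evilduckdns.org' must not match 'duckdns.org'.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in DYNDNS_PARENTS:
            return "low"
    return None


def scan_dns_log(lines):
    """Return Hit records for every query line whose name matches an IOC."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        confidence = classify(m.group("qname"))
        if confidence:
            hits.append(Hit(m.group("client"), normalize(m.group("qname")), confidence))
    return hits


# Constructed resolver log for the demo; not traffic observed in the sandbox run.
SAMPLE_LOG = [
    "Dec 12 10:01:02 gw dnsmasq[812]: query[A] Ribbity1.DuckDNS.org. from 10.0.0.23",
    "Dec 12 10:01:02 gw dnsmasq[812]: reply ribbity1.duckdns.org is 203.0.113.7",
    "Dec 12 10:01:09 gw dnsmasq[812]: query[A] www.example.com from 10.0.0.23",
    "Dec 12 10:01:31 gw dnsmasq[812]: query[A] ribbity2.duckdns.org from 10.0.0.41",
    "Dec 12 10:02:00 gw dnsmasq[812]: query[AAAA] other-host.duckdns.org from 10.0.0.41",
    "Dec 12 10:02:05 gw dnsmasq[812]: query[A] evilduckdns.org from 10.0.0.41",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"{hit.confidence:4} {hit.client:12} {hit.qname}")
```

Adjust QUERY_RE to the resolver or DNS-logging format actually in use (Sysmon event 22, Zeek dns.log, Windows DNS debug logs all differ); the normalization and label-boundary matching carry over unchanged.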

Targets

    • Target

      HuzuniSetup.exe

    • Size

      400KB

    • MD5

      b1de506771830dfcf40a8abfe0ad0daf

    • SHA1

      1ae7d9ef3c5c9ce0de265e839e53200abdc05d70

    • SHA256

      f6c96f4b5c9d3128f09d9fef62f6b302f99ebe9ce5b7c7a373d26e5354b34906

    • SHA512

      52ebb0aecd4b5c55d8ff5e4815746243e1359ce40203ebae06a7b041d8ec71fd7aa2d8987e6bb26a064c50cadd433972c677ce7cfca2a79bb1f3672fb2f898ed

    • SSDEEP

      6144:SsGHLDgnrJB8WiHCVQtiw/Dn/o3jzerUufi285wYUKi55lnlX:S3DYJB8WiHCVQXr/yB285wdlX

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Babylonrat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
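The UPX rule above fires on the packer's default section names, which a modified UPX build can simply rename. As an added example (not the sandbox's own rule and not code from the report), the Python below parses the PE section table by hand and applies two checks: the section-name match, and a layout heuristic that survives renaming, namely a first section with no raw data (the reserved space for the unpacked image) and the entry point landing in the second section (stub plus compressed data). The PE images it runs on are header-only fixtures constructed in the script, not the samples listed on this page.

```python
import struct

# Default section names written by stock UPX; modified builds often rename them,
# which is why the layout heuristic below is kept as a fallback.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def parse_sections(data):
    """Return (AddressOfEntryPoint, sections) from a PE image in memory.

    Each section is (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics).
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, 12 bytes, SizeOfOptionalHeader, Characteristics
    nsections, opt_size = struct.unpack_from("<2xH12xH2x", data, coff)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint (same offset for PE32/PE32+)
    table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append((name.split(b"\x00", 1)[0], vsize, vaddr, rawsize, rawptr, chars))
    return entry_rva, sections


def upx_indicators(data):
    """Return the list of reasons the PE looks UPX-packed; an empty list means nothing fired."""
    entry_rva, sections = parse_sections(data)
    reasons = []
    named = [s[0].decode("ascii", "replace") for s in sections if s[0] in UPX_SECTION_NAMES]
    if named:
        reasons.append("UPX section names: " + ", ".join(named))
    # Layout heuristic: UPX reserves the first section for the unpacked image
    # (SizeOfRawData == 0, large VirtualSize) and puts the stub plus compressed
    # data in the second section, where the entry point lands.
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        second_end = second[2] + max(second[1], second[3])
        if first[3] == 0 and first[1] > 0 and second[2] <= entry_rva < second_end:
            reasons.append("first section has no raw data and the entry point is in the second section")
    return reasons


def build_pe(section_specs, entry_rva):
    """Constructed header-only PE32 fixture (not a real sample); specs are (name, VirtualSize, VirtualAddress, SizeOfRawData)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 224  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    table = b""
    raw_ptr = 0x400
    for name, vsize, vaddr, rawsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, vaddr, rawsize,
                             raw_ptr if rawsize else 0, 0, 0, 0, 0, 0xE0000060)
        raw_ptr += rawsize
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table


# Constructed fixtures for the three cases (not derived from the samples above).
STOCK_UPX = build_pe([(b"UPX0", 0x30000, 0x1000, 0),
                      (b"UPX1", 0x8000, 0x31000, 0x7E00),
                      (b".rsrc", 0x1000, 0x39000, 0x800)], entry_rva=0x38A00)
RENAMED_UPX = build_pe([(b".code", 0x30000, 0x1000, 0),
                        (b".data", 0x8000, 0x31000, 0x7E00)], entry_rva=0x38A00)
CLEAN = build_pe([(b".text", 0x5000, 0x1000, 0x5000),
                  (b".data", 0x1000, 0x6000, 0x400)], entry_rva=0x1200)

if __name__ == "__main__":
    for label, blob in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("clean", CLEAN)):
        print(label, upx_indicators(blob) or "no UPX indicators")
```

Run it against a real file with open(path, "rb").read(); the layout check is a heuristic, so treat a lone layout hit as a prompt to unpack and inspect rather than as proof of UPX.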
