General

  • Target

    2024-12-28_c7e3af8640a875bfca96e6f8059e7246_ryuk

  • Size

    1.7MB

  • Sample

    241228-v4t7rszmb1

  • MD5

    c7e3af8640a875bfca96e6f8059e7246

  • SHA1

    c770b5bfea1014a7d05f3dd204009598859b5c6d

  • SHA256

    4f7309e61135f65171ee3377d9503a4139b3315d2e68424dced864051cafba2e

  • SHA512

    1073dab4115aa786f7fa0dc94b8936a726eeb99d6f3231fe4de2d3be80868fac0ade0c39c3bd3eeeccb3bd4bae0ecd9acd0967bfa4de8d606b9900c725b985c7

  • SSDEEP

    24576:g6+UJfQ3VSYnQJRXvKxZF5hI+ro3xXPyjlbsqJBaS28b:PBQ3VSYCRXvKxZ5X03xXPcF9Ftb

Malware Config

Extracted

Family

babylonrat

C2

91.227.18.174

Targets

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Babylonrat family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
