babylonrat | dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e | Triage

Submit
Reports

Overview

overview

Static

static

3

dcd2a5fdcb...4e.exe

windows7-x64

dcd2a5fdcb...4e.exe

windows10-2004-x64

Sharing

General

Target

dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e.exe
Size

735KB
Sample

250119-w5jm4a1jej
MD5

228964fd171143c0fc1a2c7067857159
SHA1

eda5e7b3ce61ad23c579c953e8b3fa79aa167321
SHA256

dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e
SHA512

3ca61bc0eac3cd487e681c48db0523ffd9d0bf7de4e65e284f66810e91914b2d0e33a511e6eaee240ae8b2a4160a18311d685f587845bd1a6ae98f6e01520847
SSDEEP

12288:trsTMcgRdrEAzvHG4z2T6DSsyXUGz2FcFe0fySvZyESEGWKm:trsaRdrEAbm4zbryUGCMfySQ3m

Score

10^/10

babylonrat discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e.exe

Resource

win7-20241010-en

babylonrat discovery persistence trojan upx

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e.exe

Resource

win10v2004-20241007-en

babylonrat discovery persistence trojan upx

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

babylonrat

C2

cb4cb4.ddns.net

Targets

- Target
  
  dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e.exe
- Size
  
  735KB
- MD5
  
  228964fd171143c0fc1a2c7067857159
- SHA1
  
  eda5e7b3ce61ad23c579c953e8b3fa79aa167321
- SHA256
  
  dcd2a5fdcbba96f26247f193d5e68b5673fe48236b1b7d6a6af1842e5b80c14e
- SHA512
  
  3ca61bc0eac3cd487e681c48db0523ffd9d0bf7de4e65e284f66810e91914b2d0e33a511e6eaee240ae8b2a4160a18311d685f587845bd1a6ae98f6e01520847
- SSDEEP
  
  12288:trsTMcgRdrEAzvHG4z2T6DSsyXUGz2FcFe0fySvZyESEGWKm:trsaRdrEAbm4zbryUGCMfySQ3m
Score

10^/10

babylonrat discovery persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Babylonrat family
  babylonrat
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratdiscoverypersistencetrojanupx

behavioral2

babylonratdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy