babylonrat | 15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55 | Triage

Submit
Reports

Overview

overview

Static

static

3

15b805ea01...5N.exe

windows7-x64

15b805ea01...5N.exe

windows10-2004-x64

Sharing

General

Target

15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55N.exe
Size

735KB
Sample

250120-hr9qgaxlhk
MD5

8b3abbb304f163345e23e9c6b1e70a90
SHA1

2f55f460322b4a687bc08e0f527e24b4a53e029c
SHA256

15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55
SHA512

7894285b95a882b2bf1f66822e1a0e24d07b96dd0738238e87a12155e2613bf05baca081c4faa4e9597d99d4a6eca00fabfe7c7dc45b4ff193c4fbfad27b9f37
SSDEEP

12288:trsTMcgRdrEAzvHG4z2T6DSsyXUGz2FcFe0fySvZyESEGWKy:trsaRdrEAbm4zbryUGCMfySQ3y

Score

10^/10

babylonrat discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55N.exe

Resource

win7-20240903-en

babylonrat discovery persistence trojan upx

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55N.exe

Resource

win10v2004-20241007-en

babylonrat discovery persistence trojan upx

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

babylonrat

C2

cb4cb4.ddns.net

Targets

- Target
  
  15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55N.exe
- Size
  
  735KB
- MD5
  
  8b3abbb304f163345e23e9c6b1e70a90
- SHA1
  
  2f55f460322b4a687bc08e0f527e24b4a53e029c
- SHA256
  
  15b805ea0121bfaeadcd2e6f4cafce3199a91209f04b599bb333dca9010aeb55
- SHA512
  
  7894285b95a882b2bf1f66822e1a0e24d07b96dd0738238e87a12155e2613bf05baca081c4faa4e9597d99d4a6eca00fabfe7c7dc45b4ff193c4fbfad27b9f37
- SSDEEP
  
  12288:trsTMcgRdrEAzvHG4z2T6DSsyXUGz2FcFe0fySvZyESEGWKy:trsaRdrEAbm4zbryUGCMfySQ3y
Score

10^/10

babylonrat discovery persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Babylonrat family
  babylonrat
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratdiscoverypersistencetrojanupx

behavioral2

babylonratdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy