Extracted

• • Target

    0b3eb2c564e87b1aa8c853a6af7a08836ea402c7776f44650849abdc1d4c5d44.exe

  • Size

    951KB

  • MD5

    aa82ab6c120ad91f064822494fe62efb

  • SHA1

    eb10220cfcad3f8e92d5bcbda0d49cf1866df9a0

  • SHA256

    0b3eb2c564e87b1aa8c853a6af7a08836ea402c7776f44650849abdc1d4c5d44

  • SHA512

    3edfd8f420f3a29477a006000ce6c809814f496edc30ae86278b6cda103641ac69fec086698d4171be8f3975cb373ef5502ab34266fd8d1338b51ff2fa020920

  • SSDEEP

    24576:AN+cu49fdt9rdqyPWLzAh0ldWjWCV6JApBpgK5Fz:i+cuWt9RZPgK0ldWjWCPppFz

  Score

  10^/10

  babylonratdiscoverypersistencetrojan

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Babylonrat family

    babylonrat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2