Extracted

• • Target

    a79f8b79794b63f8329a2f70b6ca89018d0d9ea73e632afb29e549c43f2f2959N.exe

  • Size

    951KB

  • MD5

    26b1f993b1068a34e8ef29e7ed224ab0

  • SHA1

    6f59482fb7ef193cada4e1267464e08f57d8b197

  • SHA256

    a79f8b79794b63f8329a2f70b6ca89018d0d9ea73e632afb29e549c43f2f2959

  • SHA512

    fe3a5353886e12748ecc996d7d6b1017491d608577933d4b3053538deb321dac7311175bd54451962536c89c4d1a4ff5541b702647e5cec72b8b5fb07eb50932

  • SSDEEP

    24576:AN+cu49fdt9rdqyPWLzAh0ldWjWCV6JApBpgK5FD:i+cuWt9RZPgK0ldWjWCPppFD

  Score

  10^/10

  babylonratdiscoverypersistencetrojan

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat

  • Babylonrat family

    babylonrat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2