babylonrat | 66e6eb7cf7be2d2f07adec4d17c143c6a58d56cda382da6ff918ebecc8ee807a | Triage

Submit
Reports

Overview

overview

Static

static

zzzz.exe

windows10-ltsc_2021-x64

Resubmissions

15/03/2025, 09:03

250315-kz39rsy1fx 10

15/03/2025, 09:02

250315-kzr7hay1e1 10

Sharing

General

Target

zzzz.exe
Size

439KB
Sample

250315-kz39rsy1fx
MD5

91dfc3dc22ce12c3cb94b2afb29735f9
SHA1

4478a7cca636b5163e24328478f6c654ffc02184
SHA256

66e6eb7cf7be2d2f07adec4d17c143c6a58d56cda382da6ff918ebecc8ee807a
SHA512

6799e99a258f3c65ef511e5faf7f5b843a30f6ae0a8e6112505cf9fc09c12732f8147e8498922d8451af1c5f5a899e55da8ad68a6c6f0555e358d9b9ed9321a9
SSDEEP

12288:VLdcfxaeM6fy/KaVUtgKkTZ73coNRJHwSuBzB0:dkIZGSAtgN+eJHwSuBzB0

Score

10^/10

babylonrat discovery persistence privilege_escalation trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

zzzz.exe

Resource

win10ltsc2021-20250314-en

babylonrat discovery persistence privilege_escalation trojan upx

windows10-ltsc_2021-x64

32 signatures

300 seconds

Malware Config

Targets

- Target
  
  zzzz.exe
- Size
  
  439KB
- MD5
  
  91dfc3dc22ce12c3cb94b2afb29735f9
- SHA1
  
  4478a7cca636b5163e24328478f6c654ffc02184
- SHA256
  
  66e6eb7cf7be2d2f07adec4d17c143c6a58d56cda382da6ff918ebecc8ee807a
- SHA512
  
  6799e99a258f3c65ef511e5faf7f5b843a30f6ae0a8e6112505cf9fc09c12732f8147e8498922d8451af1c5f5a899e55da8ad68a6c6f0555e358d9b9ed9321a9
- SSDEEP
  
  12288:VLdcfxaeM6fy/KaVUtgKkTZ73coNRJHwSuBzB0:dkIZGSAtgN+eJHwSuBzB0
Score

10^/10

babylonrat discovery persistence privilege_escalation trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Babylonrat family
  babylonrat
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratdiscoverypersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy