Overview

overview

10

Static

static

3

2025-04-18...om.exe

windows10-2004-x64

10

2025-04-18...om.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-18_aff872071f0803ed231eec8c92ee0592_black-basta_cobalt-strike_satacom

  • Size

    1.5MB

  • Sample

    250418-qmvpratybs

  • MD5

    aff872071f0803ed231eec8c92ee0592

  • SHA1

    dca552c0363ecb14b591e5263ec66073830f2894

  • SHA256

    0380f882f1526c5f97af909cca3bc066671ffab1e58af34d0cf0148e4c60d92c

  • SHA512

    40afe4749470dcaed18a7b30b35706301156745050f0bb6ea05d867af9de7be720f1b0f9aa923b1a9f4cec66bb2bdddaafb89045d33ed1d83829538c9ec5ecf3

  • SSDEEP

    24576:NHHiWcxasI5H1z0ZxMMk5sbviePA+Q8jNy2gMZ4STyPwncCsYeeNrbT:NHHiXasI70Z85UHQX2rZ43P2RsYl

Score
10/10
babylonratdiscoveryexecutiontrojan

Malware Config

Targets

    • Target

      2025-04-18_aff872071f0803ed231eec8c92ee0592_black-basta_cobalt-strike_satacom

    • Size

      1.5MB

    • MD5

      aff872071f0803ed231eec8c92ee0592

    • SHA1

      dca552c0363ecb14b591e5263ec66073830f2894

    • SHA256

      0380f882f1526c5f97af909cca3bc066671ffab1e58af34d0cf0148e4c60d92c

    • SHA512

      40afe4749470dcaed18a7b30b35706301156745050f0bb6ea05d867af9de7be720f1b0f9aa923b1a9f4cec66bb2bdddaafb89045d33ed1d83829538c9ec5ecf3

    • SSDEEP

      24576:NHHiWcxasI5H1z0ZxMMk5sbviePA+Q8jNy2gMZ4STyPwncCsYeeNrbT:NHHiXasI70Z85UHQX2rZ43P2RsYl

    Score
    10/10
    babylonratdiscoveryexecutiontrojan

    • Babylon RAT

      Babylon RAT is remote access trojan written in C++.

      trojanbabylonrat

    • Babylonrat family

      babylonrat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks