babylonrat | 2d952fedf846b7d19e3e75632fa03826b6da922ba04c308283c5ce8110a5e456

General

Target

Lunar.exe
Size

7.9MB
Sample

240504-yfm1bsbh94
MD5

17245a2f10932f0f89ec975b9b5f9c3b
SHA1

929e3262812dd262b4f3faae2c380681a4f15cae
SHA256

2d952fedf846b7d19e3e75632fa03826b6da922ba04c308283c5ce8110a5e456
SHA512

c4f940da4718db06296602b6166494319d1a17451979b1f78afb03515171de8201d06284c613f0e3d67ee0c92da85ec2c3a92b07af42233e0cbbfca69d78e44a
SSDEEP

196608:XL29VjA1HeT39IigNauDXURuA9SEXK4Ag:7mO1+TtIiLuARuAU8K4Ag

Score

10^/10

Malware Config

Targets

- Target
  
  Lunar.exe
- Size
  
  7.9MB
- MD5
  
  17245a2f10932f0f89ec975b9b5f9c3b
- SHA1
  
  929e3262812dd262b4f3faae2c380681a4f15cae
- SHA256
  
  2d952fedf846b7d19e3e75632fa03826b6da922ba04c308283c5ce8110a5e456
- SHA512
  
  c4f940da4718db06296602b6166494319d1a17451979b1f78afb03515171de8201d06284c613f0e3d67ee0c92da85ec2c3a92b07af42233e0cbbfca69d78e44a
- SSDEEP
  
  196608:XL29VjA1HeT39IigNauDXURuA9SEXK4Ag:7mO1+TtIiLuARuAU8K4Ag
Score

7^/10
- Loads dropped DLL
behavioral1
- Target
  
  troll.pyc
- Size
  
  2KB
- MD5
  
  f4c02d1f0a86849a1d6cdc0f996036d1
- SHA1
  
  0eedd3a627bee8d321553f5d97978216490af2e5
- SHA256
  
  a0a969ae358d472a5245fda0cccd062fd6a21e431356da6f6f8b55ccdd7982f8
- SHA512
  
  dc11a264125f21932a95f67c89766cdfe8aaa96c027181a8901b58e11c1831332d487317af967786f13ed0a1939128522626cfe3476010b2d18bb4060b7f31be
Score

10^/10

babylonrat modiloader bootkit persistence trojan upx
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Babylon RAT

ModiLoader, DBatLoader

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2