Babylon RAT

By GoldSparrow in Remote Administration Tools

Translate To:

The Babylon malware is a Remote Access Trojan (RAT) that surfaced on forums on the Dark Web in 2015. The Babylon RAT received several small updates in the following years making it one of the less-known RATs on the Internet that has remained active up to 2019. The Babylon RAT is introduced by, what we suspect is the author, an Internet persona called 'Nogester' on platforms like www.nulled.to and ranger-exploit.com. The 'Nogester' actor advertises the Babylon RAT as an advanced tool with proven high performance and reliability. The Babylon RAT is written using the C++ and the Java programming languages. The client is written in Java, and the command program is written in C++.

Threat actors may deploy the client executable via spam emails, pirated software and exploit kits. Affected users are not likely to notice decreased system performance due to the small size of the client application. Once you are infected, the host sends a POSt request to the command servers including generic system information like the IP address, country of origin, system status, OS type, and version. Also, bot-PCs may be configured to send desktop screenshots on a set interval and update desktop previews in the Babylon RAT control panel. The Babylon RAT supports a wide range of features that are listed below:

Remote desktop view and remote shutdown.
Remote PowerShell execution.
Remote Registry operations.
Keylogging, audio feed and video feed grabbing using the attached peripherals.
Formatting the memory drives, uploading files, downloading files to the infected hosts.
Launching DDoS attacks (Distributed Denial of Service attacks).
Retrieve passwords in the installed Web browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Edge), email client (Thunderbird, Windows Mail) and Skype.

Compromised users may notice unfamiliar processes in the Task Manager; LED indicators for the Webcam turning on when not using the device; foreign chat windows popping up and disabled AV scanners. You might want to turn your Internet connection off and even unplug the Internet cable for good measure. Then, you can run a security instrument from a USB drive and remove potential threats from your system. Alert names for the Babylon RAT can be found below:

BKDR_DODIW.SM
BackDoor-FCXS!EEB81A5DA918
Backdoor.Agent
HEUR/AGEN.1014972
Heuristic.HEUR/AGEN.1014972
Malware (ai Score=85)
Troj/Agent-BAGZ
Trojan.WebPick.9115
Trojan.Win32.Agent.794624.L[UPX]
Trojan.Win32.Generic.mBL2
TrojanSpy.Agent!lGMj4upPDvg
Win/malicious_confidence_90% (D)
Win32:Evo-gen [Susp]

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Babylon RAT

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen