Malware Analysis Report

2024-11-13 18:21

Sample ID 240920-xqeahasfqk
Target DoomRat.exe
SHA256 94bd1fa65b9ee3fe4be830326ebcd918609ee260797391d1af8aa4ac470cce3f
Tags
pyinstaller adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm doom pc fucker doomrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

94bd1fa65b9ee3fe4be830326ebcd918609ee260797391d1af8aa4ac470cce3f

Threat Level: Known bad

The file DoomRat.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm doom pc fucker doomrat

DoomRatV2

Doomrat family

Detects Pyinstaller

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-09-20 19:03

Signatures

DoomRatV2

adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter fakeav ics infostealer keylogger loader maldoc miner overlay persistence ransomware rat rootkit spam spreader spyware stealer trojan wiper worm doom pc fucker
Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Doomrat family

doomrat

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-20 19:03

Reported

2024-09-20 19:04

Platform

win10-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A