Malware Analysis Report

2024-11-13 18:11

Sample ID 240927-yehzzsyckg
Target DoomRat.exe
SHA256 5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0
Tags
pyinstaller adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter doomrat
score
10/10


Analysis Overview

score
10/10

SHA256

5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0

Threat Level: Known bad

The file DoomRat.exe was found to be: Known bad.

Malicious Activity Summary

DoomRat

Doomrat family

Detects Pyinstaller

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-09-27 19:41

Signatures

DoomRat

adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Doomrat family

doomrat

Detects Pyinstaller

pyinstaller
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-27 19:41

Reported

2024-09-27 19:41

Platform

win7-20240903-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-27 19:41

Reported

2024-09-27 19:42

Platform

win10v2004-20240802-en

Max time kernel

0s

Max time network

6s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe

"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"

Network

Country  Destination         Domain  Proto
N/A      52.137.106.217:443          tcp

Files

N/A