Source: 00000006.00000002.602074619.00000000006C1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000006.00000002.602017158.0000000000696000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000006.00000002.601989587.0000000000668000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000006.00000002.602066507.00000000006BA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 0000000B.00000002.503082454.0000000000668000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 0000000B.00000002.503148674.00000000006C1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_4 Author: unknown |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_4 Author: unknown |
Source: 0000000B.00000002.503141508.00000000006BA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 0000000B.00000002.503100449.0000000000696000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 5844, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet_4 Author: unknown |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet_4 Author: unknown |
Source: Process Memory Space: enxavse.exe PID: 5520, type: MEMORY | Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000006.00000002.602074619.00000000006C1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 00000006.00000002.602017158.0000000000696000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 00000006.00000002.601989587.0000000000668000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 00000006.00000002.602066507.00000000006BA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 0000000B.00000002.503082454.0000000000668000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 0000000B.00000002.503148674.00000000006C1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Malware_QA_update_RID2DAD date = 2016-08-29 10:42:01, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = CC-BY-NC https://creativecommons.org/licenses/by-nc/4.0/, score = demo, minimum_yara = 1.7 |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_4 reference = https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18_RID328F date = 2018-02-14 14:10:21, author = Florian Roth, description = Semiautomatic generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = CC-BY-NC https://creativecommons.org/licenses/by-nc/4.0/, score = demo, minimum_yara = 1.7 |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_4 reference = https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara |
Source: 0000000B.00000002.503141508.00000000006BA000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 0000000B.00000002.503100449.0000000000696000.00000004.00000001.sdmp, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 5844, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: 9fERLFJPjq.exe PID: 6088, type: MEMORY | Matched rule: DarkComet_4 reference = https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: enxavse.exe PID: 880, type: MEMORY | Matched rule: DarkComet_4 reference = https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara |
Source: Process Memory Space: enxavse.exe PID: 5520, type: MEMORY | Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: C:\Users\user\Desktop\9fERLFJPjq.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\9fERLFJPjq.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\9fERLFJPjq.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\9fERLFJPjq.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Exjoares\enxavse.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Exjoares\enxavse.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Exjoares\enxavse.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Exjoares\enxavse.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Exjoares\enxavse.exe | Process information set: NOOPENFILEERRORBOX |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywndTrayNotifyWndTrayClockWClassjh< |
Source: 9fERLFJPjq.exe, 00000002.00000002.602698012.0000000000DC0000.00000002.00000001.sdmp, 9fERLFJPjq.exe, 00000006.00000002.602880501.0000000001010000.00000002.00000001.sdmp | Binary or memory string: Program ManagerWv{ |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, 9fERLFJPjq.exe, 00000006.00000002.602880501.0000000001010000.00000002.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, 9fERLFJPjq.exe, 00000006.00000002.602880501.0000000001010000.00000002.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Progman |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_TrayWndjjh |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Progmanjhh |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywndTrayNotifyWndjh |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: ProgmanU |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywndTrayNotifyWndTrayClockWClassjh |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: ButtonShell_TrayWndj |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywndReBarWindow32jh |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywndReBarWindow32jhD |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_traywnd |
Source: 9fERLFJPjq.exe, 00000002.00000002.605724298.0000000002F24000.00000040.00000001.sdmp, enxavse.exe, 00000008.00000002.501960152.0000000002FB6000.00000040.00000001.sdmp | Binary or memory string: Shell_TrayWndPjjh |