MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkComet


Vendor detections: 5



SHA256 hash: 9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99
SHA3-384 hash: 5e19f918714ec5cdf6f9750c690d613cb75f193cd2d33f275541d30eb11ff2ac2dcf724797b6107a5c29db2f0bd9ccc0
SHA1 hash: b54e7c09c2923a5af9163aaa73dd1cd045cc4eaf
MD5 hash: 8b126f6a63b3eb08adbae4eaa0b491e9
humanhash: ten-apart-fillet-rugby
File name: 9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99
Signature: DarkComet
File size: 257'536 bytes
First seen: 2020-06-29 07:30:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a38ad86d74cafc45094a5085e33419e4 (108 x DarkComet, 1 x njrat)
ssdeep: 6144:ucNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37j:ucW7KEZlPzCy37
Threatray: 1'054 similar samples on MalwareBazaar
TLSH: 0B4422A5BBC99C43EAF96EFC021D0F145B05339F1EEE82A29F3503483196A56136763D
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence

Threat name: Win32.Backdoor.DarkComet
Status: Malicious
First seen: 2020-06-25 21:06:00 UTC
File Type: PE (Exe)
Extracted files: 23
AV detection: 31 of 31 (100.00%)
Threat level: 5/5

Result
Malware family: darkcomet
Score: 10/10
Tags: trojan rat family:darkcomet
Behaviour:
Suspicious use of AdjustPrivilegeToken
Darkcomet
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments