MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033
SHA3-384 hash: 5d8a9fa06248c21bdb30c936c29f9fc7092f994aade8f933ce6ec4e3c1b9e89c54cdc54ab10324046060fef92e4a7e07
SHA1 hash: 6082c913e9f52cb73b479836b355d6ce704ff263
MD5 hash: b4be767713b4dd3de76564678e8e0002
humanhash: white-ohio-charlie-sad
File name:a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033
Download: download sample
File size:674'304 bytes
First seen:2020-07-06 06:42:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9d617e643d715888a08eb0e79581244c (6 x DarkComet)
ssdeep 12288:W9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/:yZ1xuVVjfFoynPaVBUR8f+kN10Ed
Threatray 47 similar samples on MalwareBazaar
TLSH FDE46D32F5808837DD7219789C5B81E698267E212E39754B3BE62F0C5F3D6C2391A2D7
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DarkComet
Create hunting rule
Link:
https://www.capesandbox.com/analysis/20918/
Detection(s):
Win.Trojan.DarkKomet-1
Create hunting rule

PUA.Win.Packer.Exe-6
Create hunting rule

Win.Trojan.Darkkomet-6745084-0
Create hunting rule

Win.Trojan.Vobfus-6875610-0
Create hunting rule

Win.Trojan.Darkkomet-7113180-0
Create hunting rule

PUA.Win.Packer.PrivateEXEProtector4-6192998-2
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Dealply-6888238-0
Create hunting rule

Win.Trojan.Fynloski-40
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Connection attempt
DNS request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033/
Threat name:
Win32.Backdoor.Fynloski
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 07:53:28 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00bafc075224d7f64e56ed9d1163c024a4049f195c8fb2ed623a754916db31b6
1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64
52b6f57b2e7a9fc832227cc0ae02794e506358a295dadcf75387755a1b84b1ea
70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d
806edea6dcd7aba5324f6a3c9f1f9f84e80baf0667e76d0c1e44ffefbc0655b1
9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99
a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3
bbc8f1873aefb2518b9675fdda8446a2ba7dc159bab9bfd08b40e19b654ea8bb
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3
+ 37 additional samples on MalwareBazaar
Result
Malware family:
darkcomet
Create hunting rule
Score:
  10/10
Tags:
trojan rat family:darkcomet
Link:
https://tria.ge/reports/200706-l7ww6c3b92/
Behaviour
Suspicious use of AdjustPrivilegeToken
Darkcomet
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/20918/

Comments