MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkComet

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3
SHA3-384 hash:	f01f74e50a45b5bcb130bbdc5f15d71e8925093a5995c3cc588ec9ed7978fc27d91bafa0780d2b11b383095679a7d5fd
SHA1 hash:	6df0df8a8f05baf524014d47f7e273d408fcfa16
MD5 hash:	713b3ec26323a5156e0c484b32498c7a
humanhash:	fourteen-neptune-cat-yankee
File name:	fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3
Download:	download sample
Signature	DarkComet Create hunting rule
File size:	258'048 bytes
First seen:	2020-06-17 09:27:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a38ad86d74cafc45094a5085e33419e4 (108 x DarkComet, 1 x njrat)
ssdeep	6144:LcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQd:LcWkbgTYWnYnt/IDYhP2
Threatray	64 similar samples on MalwareBazaar
TLSH	D4442305FA654A09F2F8FC3F26C657B7928C167FEEBC14A27B91630EB056616071D30A
Reporter	JAMESWT_WT

Intelligence

File Origin

# of uploads :

1

# of downloads :

85

Origin country :

n/a

Vendor Threat Intelligence

Detection:

DarkComet

Link:

https://www.capesandbox.com/analysis/19354/

Gathering data

Threat name:

Win32.Backdoor.DarkComet

Status:

Malicious

First seen:

2020-03-18 12:10:24 UTC

File Type:

PE (Exe)

Extracted files:

23

AV detection:

29 of 29 (100.00%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

00bafc075224d7f64e56ed9d1163c024a4049f195c8fb2ed623a754916db31b6

13429271d76c4c33d286cc91d897a1e81c7c442ba6523b56685562e73cb19e60

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64

52b6f57b2e7a9fc832227cc0ae02794e506358a295dadcf75387755a1b84b1ea

70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d

806edea6dcd7aba5324f6a3c9f1f9f84e80baf0667e76d0c1e44ffefbc0655b1

9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99

a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

e131a045dc4874ee4eed8e75af0faeecaf86a80e18f13b9845a8b6f57686beec

f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29

+ 54 additional samples on MalwareBazaar

Result

Malware family:

darkcomet

Score:

10/10

Tags:

trojan rat family:darkcomet persistence

Link:

https://tria.ge/reports/200624-rzrzf9b88e/

Behaviour

Suspicious use of AdjustPrivilegeToken

Adds Run entry to start application

Darkcomet

Modifies WinLogon for persistence

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/19354/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample