MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fbdb66d81f97c74640af563b58b4d93872ed48a0397754b5c51a5c76d32900c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fbdb66d81f97c74640af563b58b4d93872ed48a0397754b5c51a5c76d32900c
SHA3-384 hash: 5a9c7c32f55f869cff286a511146c122aeddce3be3b2e54636b00ecad93e8842442eb2b245459ba13b252a2d141c5385
SHA1 hash: 91e9ec0354e2befa362054a85298009e7d7985ca
MD5 hash: 652a6e69205df15fae935c63048e6001
humanhash: bluebird-blue-high-paris
File name:652a6e69_by_Libranalysis
Download: download sample
File size:1'889'792 bytes
First seen:2021-05-05 12:01:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 332f7ce65ead0adfb3d35147033aabe9 (81 x XRed, 18 x SnakeKeylogger, 7 x DarkComet)
ssdeep 49152:hnsHyjtk2MYC5GDUGME/wKIp5gRN/vhTB9g:hnsmtk2aGIp5Ong
Threatray 7 similar samples on MalwareBazaar
TLSH F1954A26759242B3C23615324FDEF770E735E9D00E38A76727D2DD3899B78C3AA22152
Reporter Libranalysis


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/150565/
Detection(s):
PUA.Win.Packer.D1s1g-5
Create hunting rule

PUA.Win.Packer.D1s1g-2
Create hunting rule

PUA.Win.Packer.D1s1g-1
Create hunting rule

Win.Malware.Delf-6899401-0
Create hunting rule

Win.Trojan.Emotet-9850453-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Creating a file
Moving a recently created file
Searching for the window
Creating a file in the %temp% directory
Moving a file to the %temp% directory
Modifying an executable file
Deleting a recently created file
DNS request
Sending a UDP request
Sending an HTTP GET request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0fbdb66d81f97c74640af563b58b4d93872ed48a0397754b5c51a5c76d32900c/
Threat name:
Win32.Backdoor.DarkComet
Create hunting rule
Status:
Malicious
First seen:
2021-05-05 12:02:18 UTC
AV detection:
42 of 47 (89.36%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
01b1f2041aaba6815657a7a7409a0843868459fa3cabf0c377a83862ac88a27f
277a2404fd4b34ba64813a529d1029bd7f1971b14a09df35e382ae639c3c28a2
3ecb471f2c1a3d3f33dbe47bc9457adfb09206948ec16c2d3f9c9a29f5b44508
5fa54622d0d5f5abbeec7e634d6c2d868984e8cfb20b8502757c2df8fe94f7c7
6a27b78dfc13a80e82d04620260cd32423d2ee7c6b9644d2de19fb9b660ecfd4
8c1003903aca600a1baf242dc981c2d7ef79a95890cf2bb1a057fa6fea2822a0
bd0d884649509aece899372e0bea6f6dbe833b463e35206753dae69a0bc60632
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro persistence
Link:
https://tria.ge/reports/210505-yhpegksvn2/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Suspicious Office macro
Unpacked files
SH256 hash:
6eab40b85c92a3d8bb74e4fc225833594e275709ccd2f79772085db754231927
MD5 hash:
2378bc6e902238982309bb334e8feb8a
SHA1 hash:
d15bfebb199b6b1a31277aa9805e90148f3d16b4
Link:
https://www.unpac.me/results/52e33656-dfb2-4a7f-8bb6-d3250c67af0b/
SH256 hash:
0fbdb66d81f97c74640af563b58b4d93872ed48a0397754b5c51a5c76d32900c
MD5 hash:
652a6e69205df15fae935c63048e6001
SHA1 hash:
91e9ec0354e2befa362054a85298009e7d7985ca
Link:
https://www.unpac.me/results/52e33656-dfb2-4a7f-8bb6-d3250c67af0b/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/150565/

Comments