MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkComet


Vendor detections: 5



SHA256 hash: 2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
SHA3-384 hash: f5d5cfbbd0dee8d3da6964023e1bd731b2490a13994f18a44f64ae64d08f98809a0a552bc998f772159d0ea52131e08e
SHA1 hash: 56d18760a6bb948c7887f40e3f3a1b8395b54672
MD5 hash: 0241203fc5f46bb391c718d99aeb74fa
humanhash: ceiling-carbon-echo-east
File name: 2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
Signature: DarkComet
File size: 876'544 bytes
First seen: 2020-06-17 09:15:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d9ad5efdb5472496d0fe8dd4305f55f0 (2 x DarkComet)
ssdeep: 24576:V0QRWoJEfg0oChGdJQbjPbNW5tYeP+GFmD5R:SQRV2o3MPY5ALR
Threatray: 57 similar samples on MalwareBazaar
TLSH: DF152922B54485FFC82207B8DD4BBDA9D429B9202F3F6546F6E51E4CDF3828239167C6
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Fynloski
Status: Malicious
First seen: 2020-06-16 23:22:33 UTC
File Type: PE (Exe)
Extracted files: 33
AV detection: 29 of 29 (100.00%)
Threat level: 5/5
Result
Malware family: darkcomet
Score: 10/10
Tags: trojan rat family:darkcomet persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Adds Run entry to start application
Darkcomet
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
