MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f
SHA3-384 hash: 739553cd8fbbb0055d74a00a818130a89929f65a3d21232cb5e6945709e88f7ad21589a4ca3c635e17ea4ebc723350ef
SHA1 hash: 35c4d9774e60fa8f50d6cf7b4aba4225c4d3546b
MD5 hash: 001f5a7e9f35db5f06a576b863c94b9b
humanhash: gee-fix-berlin-winner
File name: 2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f
File size: 1'054'720 bytes
First seen: 2020-06-10 11:41:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 38150c86a75b6ec8525a5e45e8366d95
ssdeep: 24576:/SEfsdyMRWH9uMRoBG8gELUAgzAEoJjt2mIWP:aEbMRWduzLAN9oFt2m5P
Threatray: 58 similar samples on MalwareBazaar
TLSH: E3252345EB404268EA682A33482ABD217271BD843D36EB138D7FB312F7737572D2855B
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2020-06-08 20:32:20 UTC
File Type: PE (Exe)
Extracted files: 212
AV detection: 29 of 48 (60.42%)
Threat level: 1/5
Result
Malware family: darkcomet
Score: 10/10
Tags: family:darkcomet bootkit persistence rat trojan
Behaviour
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Writes to the Master Boot Record (MBR)
Drops startup file
Loads dropped DLL
Executes dropped EXE
Darkcomet
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments