MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e6456b94b5d27dfe76535a889fca40c093753320c991f8860d65b298494ef99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkComet

Vendor detections: 4

SHA256 hash: 3e6456b94b5d27dfe76535a889fca40c093753320c991f8860d65b298494ef99
SHA3-384 hash: 37364fceb2ac7482336c26b9468fb2ea72dbf01269fb8c2864f822027e43e31478a4ca86de501bbbd84092b924738ef8
SHA1 hash: 40915db3005f6a2daee9bcb587502a126b926268
MD5 hash: 78007cc0b37d3ae9e4c300d1a76782ee
humanhash: hawaii-seven-high-ohio
File name: Payment 381.zip
Signature: DarkComet
File size: 2'035'905 bytes
First seen: 2021-02-25 09:51:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:Y/oQ6zzGTN2+I1AOdc7updzSc36NjWjI1ilEwcXN:c6XgUuN2ailsN
TLSH: 5A95334AFE7FAD83038B92A11CDA397CCE5271C5CD829D6E10E6C9D6097855D2EF2438
Reporter: abuse_ch
Tags: DarkComet, RAT, Yahoo, zip


abuse_ch
Malspam distributing DarkComet:

HELO: sonic315-21.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.190.147
From: williams Green <williamsgreen1979@yahoo.com>
Subject: Payment
Attachment: Payment 381.zip (contains "Payment 381.exe")

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 880
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Bladabhindi
Status: Malicious
First seen: 2021-02-25 09:52:06 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  DarkComet
    zip 3e6456b94b5d27dfe76535a889fca40c093753320c991f8860d65b298494ef99 (this sample)
      Dropping: DarkComet

Delivery method: Distributed via e-mail attachment
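The delivery chain recorded in this entry (a zip attachment that drops a Windows PE) is the kind of thing a mail-gateway or IR triage script should recognise on its own, without waiting for a hash match. The script below is an added example and is not MalwareBazaar's or abuse.ch's code: it hashes the zip container and every member, recognises a PE member by its MZ/PE signatures rather than by the ".exe" extension, refuses to inflate oversized members, and matches all hashes against the IOC set taken from this entry. The zip it builds and the "Payment 381.exe" member inside it are constructed stand-ins, not the real sample, so the container hashes will not match the entry; a genuine copy of Payment 381.zip would. The 50 MiB member cap is an assumed value.

```python
"""Attachment triage for a zip-that-drops-a-PE delivery chain.

Added example, not MalwareBazaar's or abuse.ch's code. It hashes the zip
container and each member, detects PE members by their MZ/PE signatures
(not by file extension), and matches all hashes against the IOCs from the
database entry. The zip it builds is a constructed stand-in for the real
attachment, so the page IOCs will not hit on it.
"""
import hashlib
import io
import struct
import zipfile

# Container hashes copied from the MalwareBazaar entry for Payment 381.zip.
PAGE_IOCS = {
    "sha256": {"3e6456b94b5d27dfe76535a889fca40c093753320c991f8860d65b298494ef99"},
    "sha1": {"40915db3005f6a2daee9bcb587502a126b926268"},
    "md5": {"78007cc0b37d3ae9e4c300d1a76782ee"},
}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap: do not inflate huge members (zip-bomb guard)


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like PAGE_IOCS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def is_pe(data: bytes) -> bool:
    """True only if the DOS header's e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def ioc_hits(h: dict, iocs: dict) -> list:
    """Names of the hash algorithms whose value appears in the IOC set."""
    return [algo for algo, value in h.items() if value in iocs.get(algo, set())]


def triage_zip(blob: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Hash the container and every member; flag PE members and IOC matches."""
    container = hashes(blob)
    report = {"container": container, "container_hits": ioc_hits(container, iocs), "members": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            # file_size comes from the (attacker-controlled) central directory; treat it as a hint
            if info.file_size > MAX_MEMBER_BYTES:
                report["members"].append({"name": info.filename, "size": info.file_size, "skipped": True})
                continue
            data = zf.read(info)
            h = hashes(data)
            report["members"].append({
                "name": info.filename,
                "size": info.file_size,
                "is_pe": is_pe(data),
                "hashes": h,
                "hits": ioc_hits(h, iocs),
            })
    report["drops_pe"] = any(m.get("is_pe", False) for m in report["members"])
    return report


def build_fake_pe(payload: bytes = b"constructed stand-in, not the real Payment 381.exe") -> bytes:
    """Minimal MZ stub whose e_lfanew points at a PE signature (constructed test data)."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + payload


def build_sample_zip() -> bytes:
    """Constructed zip mirroring the attachment's shape: one PE member plus a decoy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Payment 381.exe", build_fake_pe())
        zf.writestr("invoice.txt", b"decoy text file")
    return buf.getvalue()


if __name__ == "__main__":
    rep = triage_zip(build_sample_zip())
    print("container sha256:", rep["container"]["sha256"], "hits:", rep["container_hits"])
    for m in rep["members"]:
        print(f"  {m['name']}: pe={m.get('is_pe')} hits={m.get('hits')}")
    print("drops PE:", rep["drops_pe"])
```

Two points the script is built around: the container hashes listed in the entry change the moment someone re-zips the same payload, so member hashes are the more durable indicator to feed back into an IOC set; and the PE check reads the DOS header and PE signature instead of trusting the extension, so a payload renamed to "Payment 381.pdf" or hidden behind a double extension is still flagged.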
