MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52b6f57b2e7a9fc832227cc0ae02794e506358a295dadcf75387755a1b84b1ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkComet

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	52b6f57b2e7a9fc832227cc0ae02794e506358a295dadcf75387755a1b84b1ea
SHA3-384 hash:	6c220b5a3f9ad23402c61969f01881beffc3ad930a60e7696f76fc2d74aa1fe8a77e63d4de01c9acf862374659edfe4a
SHA1 hash:	b528651971ac466807350ce24728d76fb6cd0e1a
MD5 hash:	8a488db081cc65579bf9f2f0e7e402d4
humanhash:	jersey-earth-pasta-enemy
File name:	52b6f57b2e7a9fc832227cc0ae02794e506358a295dadcf75387755a1b84b1ea
Download:	download sample
Signature	DarkComet Create hunting rule
File size:	459'776 bytes
First seen:	2020-06-17 09:19:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a38ad86d74cafc45094a5085e33419e4 (109 x DarkComet, 1 x njrat)
ssdeep	6144:PcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PIjY8X9:PcWkbgTYWnYnt/IDYhPIjTN
Threatray	50 similar samples on MalwareBazaar
TLSH	F7A4F3B08064675FC4F7F9BFA151E7E501BE1AAB8F852D29488FE63640E3712315898F
Reporter	JAMESWT_WT

Intelligence

File Origin

# of uploads :

1

# of downloads :

87

Origin country :

n/a

Vendor Threat Intelligence

Detection:

DarkComet

Link:

https://www.capesandbox.com/analysis/19321/

Gathering data

Threat name:

Win32.Backdoor.DarkComet

Status:

Malicious

First seen:

2020-06-16 22:34:18 UTC

File Type:

PE (Exe)

Extracted files:

27

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

00bafc075224d7f64e56ed9d1163c024a4049f195c8fb2ed623a754916db31b6

13429271d76c4c33d286cc91d897a1e81c7c442ba6523b56685562e73cb19e60

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64

70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d

806edea6dcd7aba5324f6a3c9f1f9f84e80baf0667e76d0c1e44ffefbc0655b1

9a414edf4a549a14b576e23122187a56029f4277cccaaa40f20f3f30d9a4ab99

a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

e131a045dc4874ee4eed8e75af0faeecaf86a80e18f13b9845a8b6f57686beec

f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29

fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3

+ 40 additional samples on MalwareBazaar

Result

Malware family:

darkcomet

Score:

10/10

Tags:

trojan rat family:darkcomet persistence

Link:

https://tria.ge/reports/200624-1n4gyrkn6s/

Behaviour

Suspicious use of AdjustPrivilegeToken

Adds Run entry to start application

Modifies WinLogon for persistence

Darkcomet

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/19321/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample