MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54efc75509d102fe879aae2a49098bd2f05183502e0ee554a3f6c1a7a4367ad9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	54efc75509d102fe879aae2a49098bd2f05183502e0ee554a3f6c1a7a4367ad9
SHA3-384 hash:	4e08277c097b248d49c70e84a4d483bed04f0bbd3e6a971c5883c2151f6fd468008dbdc9c7f5a033498e8c06eadbce0a
SHA1 hash:	358d0570cfeaf7a272fec31f9fa504f2a1df4e17
MD5 hash:	711351d1462651259b70f8f06e40e9de
humanhash:	august-magnesium-twenty-alanine
File name:	54efc75509d102fe879aae2a49098bd2f05183502e0ee554a3f6c1a7a4367ad9
Download:	download sample
File size:	10'315'264 bytes
First seen:	2020-06-10 11:28:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	14a86d600c59a07735f44434c52b41af (10 x AgentTesla, 2 x Loki, 2 x RemcosRAT)
ssdeep	196608:qRMcXwywCAfywOwe/3xywPbywrZywBywFywUyw4ywwywmIBywyywsyw/:q6qwCAqwUUwPewrUw8wow5wVwtwiwPw+
Threatray	74 similar samples on MalwareBazaar
TLSH	1CA6BF213AE94276E163173089EA6EE155B1FEF80F30C45B33996E0C3E76AD09A35717
Reporter	JAMESWT_WT

Intelligence

File Origin

# of uploads :

1

# of downloads :

61

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Purebasic-2

Win.Dropper.Generickdz-7944944-0

PUA.Win.Tool.Hackkms-6901659-0

PUA.Win.Tool.Hackkms-7341355-0

SecuriteInfo.com.Artemis3956A314271F.14689.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.DelfInject

Status:

Malicious

First seen:

2020-06-06 10:28:58 UTC

File Type:

PE (Exe)

Extracted files:

296

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

02fbb8bf86f5163a9e3dcf6c172a709c2bd68fc9586b71c7c84627cc049da3ae

1a64802e01d94712cb6daf8339296b78cf0a7a81251e80937d01d975b31938dc

23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374

2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588

2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f

63576b3bcc6c0509b9855aaa0ff27fa949da6f878e39cedf0f1bbb504aff7a98

7624dfdc9137caa3238792759440cc52c94c9c306169292396bae3b8e31a8956

86ab6a7f9d86cb1bb3ad5b55d788e785092177db39206f73bb23f6251d3c4baf

8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc

ea0493a75251c59cbf9ae40a8c3ed4a0808adf8071f4c297d4fe52ead18962ef

+ 64 additional samples on MalwareBazaar

Result

Malware family:

darkcomet

Score:

10/10

Tags:

family:darkcomet persistence rat trojan

Link:

https://tria.ge/reports/201109-bkck3em1qx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetThreadContext

Adds Run key to start application

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Darkcomet

Modifies WinLogon for persistence

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample