MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ca4c629ded2184d8da691c45bf968b7670383a9dbb2ac3206940bd9b8e5ecd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkComet


Vendor detections: 4



SHA256 hash: 5ca4c629ded2184d8da691c45bf968b7670383a9dbb2ac3206940bd9b8e5ecd5
SHA3-384 hash: 9174b5e1f2f8f195e8daf0c7e9d5a33ca29cfbfbe20fcf68fd475c0d8b99baec0a33806845012156ca49b642a0a94760
SHA1 hash: 1ab0d15c4c2747b4c97a71a0b83ba5565835dd69
MD5 hash: f55a84b1fe38d9cac0922134bd29272f
humanhash: foxtrot-alaska-river-ceiling
File name: Order Requirement 341.zip
Signature: DarkComet
File size: 2'028'605 bytes
First seen: 2021-01-19 06:40:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:AxM3IEYaxYRsmwsD2FyEA1chPaxYwQHydv8zxtOoMQz821:eq0YqsPFHlJaxYKO5Mu8i
TLSH: 9B9533D3C21BED56757840B9B8978C3A9FFDFA0A8B82A1C983D0D497494384D1F26937
Reporter: abuse_ch
Tags: DarkComet RAT Yahoo zip


abuse_ch
Malspam distributing DarkComet:

HELO: sonic306-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.132.42
From: M.A Industrial Supplier <ma_industrialsuppliers@yahoo.com>
Subject: Payment
Attachment: Order Requirement 341.zip (contains "Order Requirement 341.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 715
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2021-01-19 06:41:05 UTC
AV detection: 5 of 46 (10.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: DarkComet
Sample: zip 5ca4c629ded2184d8da691c45bf968b7670383a9dbb2ac3206940bd9b8e5ecd5 (this sample)
Dropping: DarkComet
Delivery method: Distributed via e-mail attachment

Comments