MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6038e37ba1da37980c6d1436a98e4793843e153511b8e54f8411b428d3e31ef1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkComet

Vendor detections: 6

Intelligence 6 IOCs YARA 4 File information Comments

SHA256 hash:	6038e37ba1da37980c6d1436a98e4793843e153511b8e54f8411b428d3e31ef1
SHA3-384 hash:	a3c2a6319aa34475a636c3585bdd60d266830a1ec167834a780abf373dca9fc4bd16382e8124248da2311f58ec7db540
SHA1 hash:	890c0c40ecb6d2ed7f68fbef11b82511277f206b
MD5 hash:	8ecf92496093bb512f7a8313431dad91
humanhash:	berlin-pizza-network-summer
File name:	6038e37ba1da37980c6d1436a98e4793843e153511b8e54f8411b428d3e31ef1
Download:	download sample
Signature	DarkComet Create hunting rule
File size:	240'640 bytes
First seen:	2020-07-06 07:13:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dd2e3254a193cf4be6d2ce044c38fcf5 (10 x DarkComet)
ssdeep	6144:oYLtU7Ixhnhz5TN6mJWd/7qMD8gmggfo:/sI3lFZWdqswtf
Threatray	104 similar samples on MalwareBazaar
TLSH	4E34231DD25F6F95D9F47138A9C87128277CE42EA1E883A602612D29F8D3D588FFDA01
Reporter	JAMESWT_WT
Tags:	DarkComet

Intelligence

File Origin

# of uploads :

# of downloads :

455

Origin country :

n/a

Vendor Threat Intelligence

Detection:

DarkComet

Link:

https://www.capesandbox.com/analysis/21075/

Detection(s):

PUA.Win.Packer.Mpress-7

Win.Trojan.DarkKomet-1

PUA.Win.Packer.Exe-6

Win.Trojan.Darkkomet-6745084-0

Win.Trojan.Vobfus-6875610-0

Win.Trojan.Darkkomet-7113180-0

PUA.Win.Packer.PrivateEXEProtector4-6192998-2

Win.Trojan.DarkKomet-185

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6038e37ba1da37980c6d1436a98e4793843e153511b8e54f8411b428d3e31ef1/

Threat name:

Win32.Backdoor.Fynloski

Status:

Malicious

First seen:

2020-06-27 06:24:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

31 of 31 (100.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ma4og65b3i3zqddncq3ktdshsocd4fjvcg4okt4ecg2cru7dd3yq._file

Verdict:

malicious

DarkComet

211ba4f837f7cf86daa1fb036cadd3b1b2d1402dc2089a9d5ca41d1b7363c531

DarkComet

6de9fe7d510845139ac7228f137e50d6caa771be883b1a1b5f2244ab04ca5b79

DarkComet

8c6e732e13a2e7d8a028f9a6462c434502314a3b19c583b1b29ede417dd37d17

DarkComet

a6567a1726d585e88daad82e04b9f7fee70d4ebe7b5b37e73e45f32c18233419

DarkComet

a735f487179cdb2e5fb6a366750e12c774d485a6259cbdc8c0aa6f726b1992f7

DarkComet

d00ee0e6eab686424f8d383e151d22005f19adbda5b380a75669629e32fe12a6

DarkComet

e7662182c984884cdf7c0c436538bc82cb1d8f91c2d6bfe0cec1ba9b3d63c259

DarkComet

ed4aef67444c1b22bd8ef038a1544fbcc65b602111020db1a5a2a88e1964e4f1

DarkComet

fd7ee166a2ef80d3dc9668383540eade22f9cf7125a870bd0efb0f14b1239e31

DarkComet

+ 94 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200706-9t33ydj1wx/

Behaviour

Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Malware_QA_update Create hunting rule
Author:	Florian Roth
Description:	VT Research QA uploaded malware - file update.exe
Reference:	VT Research QA

Rule name:	RAT_DarkComet Create hunting rule
Author:	Kevin Breen <kevin@techanarchy.net>
Description:	Detects DarkComet RAT
Reference:	http://malwareconfig.com/stats/DarkComet

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

Rule name:	win_darkcomet_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/21075/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample