MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d
SHA3-384 hash: 883a3a1d1684db6734bab29a3b48b6531b904b66ea652c5bbecf6dc358b91f9555b0869a944d4171ae7c63577cb881fe
SHA1 hash: b767c8080a8baebc703481fa1ddab8d87bfb6718
MD5 hash: caaef1f76dd911414c85eca22856b38c
humanhash: utah-pip-robert-twelve
File name: 70384e8c5ba3d348bf34e7071759c64c52fa2e21ac9c331e719cbf9116efa57d
File size: 259'584 bytes
First seen: 2020-06-10 11:37:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a38ad86d74cafc45094a5085e33419e4 (109 x DarkComet, 1 x njrat)
ssdeep: 6144:1cNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PF:1cWkbgTYWnYnt/IDYhP
Threatray: 61 similar samples on MalwareBazaar
TLSH: 83442265EA610A05F2F8FD3F168247A695DC5E37EAA80153BF91730EF47E616030E349
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Fynloski
Status: Malicious
First seen: 2020-06-05 23:05:46 UTC
File Type: PE (Exe)
Extracted files: 27
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Result
Malware family: darkcomet
Score: 10/10
Tags: family:darkcomet persistence rat trojan upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Darkcomet
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments