MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7624dfdc9137caa3238792759440cc52c94c9c306169292396bae3b8e31a8956. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7624dfdc9137caa3238792759440cc52c94c9c306169292396bae3b8e31a8956
SHA3-384 hash: f4fbbdc6f66deb25588010a1449804611b77183cf28f23a69ea34941930353d4d23dfaf6d561b358c1b45e0cfa395061
SHA1 hash: dff7b4ddf7ce7a650611a0551917408c981624da
MD5 hash: 0f4f0b5b41e34cf1fd61c15ce50c12ce
humanhash: north-arkansas-comet-fruit
File name:7624dfdc9137caa3238792759440cc52c94c9c306169292396bae3b8e31a8956
Download: download sample
File size:735'232 bytes
First seen:2020-06-10 07:41:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'738 x AgentTesla, 19'596 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:8TIKQBRm9XhHv/+fB5n/pojtxcQOa35Js8rCc1c0yF73J0pY3u0z8sCv2nThnDSw:8sKtXhP/uj/JEmB0q75bu/dv2ThnOTAX
Threatray 43 similar samples on MalwareBazaar
TLSH 07F4DFF881444925FFAD95B9DEAC0CE0E0652C80BEE12D942DDAE34DD556EA78830FF1
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 05:24:51 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca
17ae41e1fde622159bcfd56e80ce0cdee5edfc147370e77091f17eed192d54e0
23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
4cd80b1158f28fc2c53e2f84e5ae119bf54cc2507a8d649e649f2cc6458bf2de
5270cd6488da8841fbe6f1fa6b91f7b27be14bfcd52d1f2f3925cc2973ef4944
54efc75509d102fe879aae2a49098bd2f05183502e0ee554a3f6c1a7a4367ad9
63576b3bcc6c0509b9855aaa0ff27fa949da6f878e39cedf0f1bbb504aff7a98
78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc
c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9
+ 33 additional samples on MalwareBazaar
Result
Malware family:
darkcomet
Create hunting rule
Score:
  10/10
Tags:
family:darkcomet persistence rat trojan
Link:
https://tria.ge/reports/201109-qc9s6r59va/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Uses the VBS compiler for execution
Executes dropped EXE
Darkcomet
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments