MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c6608070be8549c100739764a5bcf142c6af84a61d0d149c7e37d7c06657343. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkComet


Vendor detections: 5



SHA256 hash: 8c6608070be8549c100739764a5bcf142c6af84a61d0d149c7e37d7c06657343
SHA3-384 hash: fafe7460f6e536584351ba2b317add8e1f20a2fb792351adbf2ee09eae8d13e1d2e7164a1582ced5bd2e06451514305d
SHA1 hash: 4665c652a5464ade6a2ed94b80930d25232c9fa7
MD5 hash: d0feb30e2182eb0688d5c7b7d0685695
humanhash: solar-montana-texas-lamp
File name: Payment 761.zip
Signature: DarkComet
File size: 1'976'773 bytes
First seen: 2021-02-16 06:23:40 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:COzHc1XnqIZvHODQu9veN8VZEDRHyVAwlEcOYpAFLDG4NHqpP5yqtk:C/llduJXFvScnpUCph1tk
TLSH: 459533381E00A5F7B9CB8A7621DD01B1ECABF1D529F42521D3AD1C386D6ED6B1630E63
Reporter: abuse_ch
Tags: DarkComet RAT Yahoo zip


abuse_ch
Malspam distributing DarkComet:

HELO: sonic306-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.132.42
From: williamsgreens79@yahoo.com <williamsgreens79@yahoo.com>
Subject: Payment
Attachment: Payment 761.zip (contains "Payment 761.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 759
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Emali
Status: Malicious
First seen: 2021-02-16 06:24:08 UTC
AV detection: 4 of 47 (8.51%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DarkComet

zip 8c6608070be8549c100739764a5bcf142c6af84a61d0d149c7e37d7c06657343 (this sample)

Dropping: DarkComet
Delivery method: Distributed via e-mail attachment
