MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3d039ff4df80a16aec37b13d85f4e75703de36b19694e3a70bae79b2eb46cc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3d039ff4df80a16aec37b13d85f4e75703de36b19694e3a70bae79b2eb46cc5
SHA3-384 hash: b8c8eb13e63676a6a3bdeaf7a235dac848bf3f303cea9c7593c344d3903ea6b764c5a1c783702ea85b02535f4a09faf6
SHA1 hash: 1c5d79badad7a6bb4abbccc7acaddb0e4877a6fb
MD5 hash: 1a7e7b3ecf021ea069f6c0820fcb9caa
humanhash: helium-river-september-maryland
File name:e3d039ff4df80a16aec37b13d85f4e75703de36b19694e3a70bae79b2eb46cc5
Download: download sample
File size:713'216 bytes
First seen:2020-06-10 07:42:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e5b4359a3773764a372173074ae9b6bd (60 x DarkComet, 2 x njrat, 1 x NanoCore)
ssdeep 12288:09HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/htlq:4Z1xuVVjfFoynPaVBUR8f+kN10EBM
Threatray 43 similar samples on MalwareBazaar
TLSH 0BE47E31B1808837D96239B89C5F92E5982A7E202E24754B36F53F4C5E3D683BD162DF
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.DarkKomet-1
Create hunting rule

PUA.Win.Packer.Exe-6
Create hunting rule

Win.Trojan.Darkkomet-6745084-0
Create hunting rule

Win.Trojan.Vobfus-6875610-0
Create hunting rule

Win.Trojan.Darkkomet-7113180-0
Create hunting rule

Win.Packed.Bladabindi-7194433-0
Create hunting rule

PUA.Win.Packer.PrivateEXEProtector4-6192998-2
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Dealply-6888238-0
Create hunting rule

Win.Trojan.Fynloski-40
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Fynloski
Create hunting rule
Status:
Malicious
First seen:
2015-01-27 13:17:00 UTC
File Type:
PE (Exe)
Extracted files:
24
AV detection:
47 of 48 (97.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca
04ecc8a39bb1236fb737256d4438f3781141a95d8d55576bd1a7e17a0c8b5aa0
17ae41e1fde622159bcfd56e80ce0cdee5edfc147370e77091f17eed192d54e0
1f9ff29afc60eebf41511416db4988007f3d041744574ac144f88eaf82e52b25
4cd80b1158f28fc2c53e2f84e5ae119bf54cc2507a8d649e649f2cc6458bf2de
5270cd6488da8841fbe6f1fa6b91f7b27be14bfcd52d1f2f3925cc2973ef4944
78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
967db64d16674b438203bc9303f8e7ad4f424ada45eb28330dd61295ee86786d
a3c44389aac31e62cd3267525d4cfebbd65c32fbaec918500b606d67b0ea62d8
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
+ 33 additional samples on MalwareBazaar
Result
Malware family:
darkcomet
Create hunting rule
Score:
  10/10
Tags:
family:darkcomet persistence rat trojan
Link:
https://tria.ge/reports/201109-gnstmhnp5s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Darkcomet
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments