MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e87d969f284a2d8faaf317630039161dbe2cfbb38d38cba0c5344c3c19f70e81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DarkComet


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e87d969f284a2d8faaf317630039161dbe2cfbb38d38cba0c5344c3c19f70e81
SHA3-384 hash: a3bcf5b9e9f72812b306a30e26b48ddf05e7f2dd7d9242b5a570348c37db78d2cb486dce21cea6142d38302277449097
SHA1 hash: e7da81483797c53555f7c95a562d919ae77d5684
MD5 hash: a2e9f540b11ad7f8e30be88115bc378e
humanhash: helium-carbon-alpha-timing
File name:Order Requirement 541.zip
Download: download sample
Signature DarkComet
Create hunting rule
File size:2'044'753 bytes
First seen:2021-02-09 08:28:09 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:aIL6l1okvfZQFmsYHynXelN44DA7bFZ9Nk:N2SknZkmsYHynXeEddZ9y
TLSH 5B953350CA293E4FA93873969EF03E5A1E2500430E3D1AF7AE535A079F6C175E98F21D
Reporter abuse_ch
Tags:DarkComet Yahoo zip


Avatar
abuse_ch
Malspam distributing DarkComet:

HELO: sonic301-29.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.129.228
From: Kiyasha Amaidas <klyasha27@yahoo.com>
Subject: Purchase Order
Attachment: Order Requirement 541.zip (contains "Order Requirement 541.exe")

DarkComent RAT C2:
chrisle79.ddns.net:3317

Intelligence

File Origin
# of uploads :
1
# of downloads :
764
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs2008.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23990.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e87d969f284a2d8faaf317630039161dbe2cfbb38d38cba0c5344c3c19f70e81/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5b6znhzijiwy7kxtc5rqaoiwdw7cz65tru4mxigfgrgdygpxb2aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
DarkComet
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e87d969f284a2d8faaf317630039161dbe2cfbb38d38cba0c5344c3c19f70e81

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DarkComet

zip e87d969f284a2d8faaf317630039161dbe2cfbb38d38cba0c5344c3c19f70e81

(this sample)

DarkComet

Executable exe 7c53cf8628e9d03bde5397b41277ee48b963122bc3d6ed0a090ee0908c04023d

  
Dropping
MD5 9631ecf5da619ba850ff227e4e5e634a
  
Dropping
DarkComet
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c53cf8628e9d03bde5397b41277ee48b963122bc3d6ed0a090ee0908c04023d

Comments