MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8
SHA3-384 hash: 2090d03e0e1a36b8138275aa11c6325c8727ab36028432a6631e17c58582a22a53fb7842994055b0ed873c23add033d4
SHA1 hash: cef08737ea3ec6def599963edb2cd436a96a27ad
MD5 hash: c44945b3ae7f4dee7a99340e3245a246
humanhash: august-avocado-lactose-carbon
File name:fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8
Download: download sample
File size:1'932'721 bytes
First seen:2020-06-17 08:51:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cfda23baf1e2e983ddfeca47a5c755a (33 x RedLineStealer, 6 x Dridex, 5 x NetSupport)
ssdeep 49152:vKhxFqLjS3HBsDutg0vnQQXOKhhKl4QiBiq21UKsXE:vKhWfkBsDsvQ8ZLK+QiBUsXE
Threatray 59 similar samples on MalwareBazaar
TLSH E59523113585C432C5234370DCAEA6F2A5B1BC34D7A1554F7BC87E5EBB723A38269B82
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DarkComet
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19233/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.24943.1502.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.DarkComet
Create hunting rule
Status:
Malicious
First seen:
2015-05-08 11:28:00 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca
1b13660c52adcccc1cef45f137a3373f5615500a609c61a9872e5ed4336e629a
27dbff4b16fa15497def710d494b48ad90c3a498c354cee50fc0e35081dcfbb7
2d40a6c3d1200616055b55031daa8a6b010b3c99219f6b6da87bcd2b2f27d6c2
3a5943219f8400531a411b909b666337ba4f232d19e003a0128e0d699106f04f
44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757
5ade1071b7d6a1abe0b851d953fe1571f7372bce3d48f0adedfbbecd02c512c6
73acff9ea3647f699cd645b09e652ca498eea7c5cee9f3cb573afda67a0ceeb2
cf1e8f2fc2dd05514be3e8f92abf5b266dfb1547cc611dabc0cc4eea5a1b7dfe
e131a045dc4874ee4eed8e75af0faeecaf86a80e18f13b9845a8b6f57686beec
+ 49 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence evasion
Link:
https://tria.ge/reports/200624-3ebbn9hpf6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Drops file in System32 directory
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Sets file to hidden
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19233/

Comments