Details
Malware Family DarkComet
Date Added April 14, 2016, 6:52 a.m.
MD5 045883155db67d37b0d3b6ad605747d2
Sha256 c34c5fcb70eaaa9138ff491ddbf02de6989f083b7b9f2fd037713e6bea1b59a7
Config Sections
MSGICON 16
CHIDEF 1
MSGTITLE KopHack
FTPPORT
FWB 0
SH6 1
MSGCORE 5B6572726F725D3A30303030303039367830303132
FTPROOT
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-UX35FRU
MELT 1
INSTALL 1
SID Guest16
SH4 1
FTPPASS
PERSINST 1
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 7
FTPHOST
SH8 1
FILEATTRIB 6
FTPUPLOADK
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD
SH3 1
NETDATA vzlomuser.ddns.net:1604|vzlomuser.ddns.net:1604
SH9 1
OFFLINEK 1
GENCODE 6UCADrKgmwND
FTPSIZE
CHANGEDATE 0
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

49 out of 56 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
vzlomuser.ddns.net 188.186.88.2 RU
vzlomuser.ddns.net 188.186.88.2 RU