Details
Malware Family DarkComet
Date Added Jan. 21, 2016, 3 a.m.
MD5 094a14889bcadf4adee0a487163c6f99
SHA256 0da7564e3775ed16a079fda1b5ec46be30a6ddc1d80f33ecba3f9d42148874b8
Config Sections
FWB 1
SID Suka
FTPPASS supermane13127
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /LEGENDARY/
SH10 1
KEYNAME Anti-Virus
MUTEX DC_MUTEX-UGCGE5G
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA glingoll.ddns.net:1604
GENCODE xoLlFLpkbvYP
EDTPATH MSDCSC\AVR.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 506C6561736520696E7374616C6C20746865206E6574776F726B696E6720736F6674776172650D0A2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D0D0A48616D616368690D0A0D0A546869732077696C6C20656E61626C65206E6574776F726B20636F6D6D756E69636174696F6E730D0A7769746820746865204D61784D3131204D696E656372616674205365727665720D0A5468616E6B20596F752121
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS alaawael.no-ip.biz:
MSGTITLE Network Communications
FTPUSER u369749123
COMBOPATH 3
FTPHOST ftp.unknow-stresser.fr
BIND 1
FTPUPLOADK 1
MELT 1
PWD 0987654321
SH9 1
OFFLINEK 1
VirusTotal

38 out of 53 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
glingoll.ddns.net 212.96.109.78 RU