Details
Malware Family DarkComet
Date Added Oct. 25, 2015, 10:48 p.m.
MD5 10cfa9d58a011d0cf3f0c1f6fce41b00
Sha256 47edd481436b70c4845d42521ae6fcf01ece877ed4a472445a091282c9d9c661
Config Sections
MSGICON 16
CHIDED 1
FTPPORT 21
FWB 1
EDTDATE 16/04/2007
INSTALL 1
SID Guest16
FTPPASS nokia6280
PERSINST 0
DIRATTRIB 6
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 1
FAKEMSG 1
PERS 1
PDNS 127.0.0.1:localhost|127.0.0.1:localhost
CHANGEDATE 0
SH1 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-VL481JT
MSGTITLE Video
FTPUSER user1254206
FILEATTRIB 6
COMBOPATH 7
FTPHOST www12.subdomain.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD 0123456789
NETDATA surindan.no-ip.info:1604
MSGCORE This video is not supported.
OFFLINEK 1
GENCODE bmcJuvsPqDff
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

50 out of 57 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
surindan.no-ip.info 0.0.0.0 0