Details
Malware Family DarkComet
Date Added Jan. 30, 2016, 3 a.m.
MD5 11334d8eb27752743b0c39590cc7f022
SHA256 979fb56cb8f79077338cbb6bf8f23f5d2502d3787f003e595cc50e0a7bfa4509
Config Sections
FWB 0
SID Guest16
FTPPASS 456456
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /systemfile/
SH10 1
KEYNAME MicroUpdate
MUTEX sys32
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA 80.223.90.207:200
GENCODE HERw96qf1wcV
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 57656C636F6D6520746F204443
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:localhost
MSGTITLE Welcome
FTPUSER apkboost
OVDNS 1
COMBOPATH 10
FTPHOST apkboost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD 0123456789
SH9 1
OFFLINEK 1
VirusTotal

50 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
80.223.90.207 FI