Details
Malware Family DarkComet
Date Added Dec. 2, 2016, 6:25 a.m.
MD5 1274b9834b85cff346644636bdace384
Sha256 6631c41c1c6788b3eb22bf1c680cca34c0b1d3186e695021a80ff22d6569cd93
Config Sections
FTPPORT
FWB 0
FTPROOT
KEYNAME microUpdate
MUTEX DC_MUTEX-5LY62SU
MELT 1
INSTALL 1
SID Russia
FTPPASS
PERSINST 1
DIRATTRIB 6
PDNS 127.0.0.1:google.com|127.0.0.1:microsoft.com|127.0.0.1:virustotal.com|127.0.0.1:yahoo.com
FTPUSER
OVDNS 1
COMBOPATH 3
FTPHOST
FILEATTRIB 6
FTPUPLOADK
EDTDATE 16/04/2007
PERS 1
PWD RussiaCampaign0010X
MULTIBIND 1
NETDATA 9rv935y94vqw9orq90.net:5714|iwu3v02U5HN2pi3h5n.com:5714|micr0s0ftactivationp0rtal:5714
BIND 1
OFFLINEK 1
GENCODE AZHvVB4TFp4q
FTPSIZE
CHANGEDATE 1
EDTPATH MicrosoftUpdater\microUp2Date.exe
VirusTotal

52 out of 57 AVs identified the sample as malicious

VirusTotal Report

Domain Data
Domain IP Country Code
9rv935y94vqw9orq90.net 0
iwu3v02U5HN2pi3h5n.com 0
micr0s0ftactivationp0rtal 0
Yara Rules