Details
FileName
Malware Family DarkComet
Date Added 2016-01-16 03:00:03
MD5 1b3b3a0f793f302cd3ce2b5ae1ac7262
Sha256 1f9eb8af41987fa2b6371a13b1b768fe1ca433263de3b94e87905b35a62deedc
C2 Data
FTPSIZE 10
SH10 1
MUTEX DC_MUTEX-1J06845
SH9 1
MSGCORE 5448414E4B20594F5520464F52205553494E4720544849532050524F4752414D204D414445204259204A414D4553200D0A4946204E4F5448494E472048415050454E53205748454E2055204F50454E20544849532050524F4752414D204D414B4520535552452055204841564520544845200D0A4E4554204652414D45574F524B20494E5354414C4C4544
FTPPORT 21
CHIDEF 1
GENCODE aVB5vz8lHyb7
SID Guest16
NETDATA drhackers.ddns.net:1604|hackernakazal.ddns.net:1604|grrtgrgrtg.no-ip.org:1604
SH8 1
MELT 1
SH6 1
CHIDED 1
FTPROOT /
MSGTITLE successfully installed turtleness
FILEATTRIB 6
OFFLINEK 1
DIRATTRIB 6
CHANGEDATE 1
KEYNAME MicroUpdate
PDNS dummheitpur.ddns.net:dummheitpur.ddns.net
PERSINST 1
EDTPATH MSDCSC\msdcsc.exe
MSGICON 48
COMBOPATH 3
PERS 1
FAKEMSG 1
BIND 1
FTPUPLOADK 1
SH1 1
FWB 1
SH7 1
FTPPASS 0123456789
FTPHOST ftp.yourhost.com
PWD 0123456
FTPUSER username
SH4 1
SH5 1
EDTDATE 16/04/2007
SH3 1
INSTALL 1
Virustotal

48 out of 55 AV Engines identified the sample as Malicious.

C2 Information
Domain FQDN IP Country Code
no-ip.org grrtgrgrtg.no-ip.org 5.141.141.242 RU