Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 1f86509c79f9edf6cd1469974774b3c2
Sha256 27a39d584151576949cf4c920f6b8abc097fc18a16316c89d37d5f69e4b6357d
Config Sections
MSGICON 0
CHIDEF 1
MSGTITLE
FTPPORT 21
FWB 0
SH6 1
MSGCORE 426F6E6A6F75722C206D6572636920642761766F6972206F75766572742064652066696368696572
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-655PPKD
MELT 0
INSTALL 1
SID Guest16
SH4 1
FTPPASS 0123456789
PERSINST 0
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER username
SH5 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
SH8 1
FILEATTRIB 6
FTPUPLOADK 1
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD 123
SH3 1
NETDATA pandoragg.ddns.net:1604
SH9 1
OFFLINEK 1
GENCODE V7EfTHDTtnEl
FTPSIZE 10
CHANGEDATE 0
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

49 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
pandoragg.ddns.net 5.221.213.59 IR