Details
Malware Family DarkComet
Date Added April 23, 2016, 3 a.m.
MD5 25817762cd05b6a6e4e4d5b11b130eb3
Sha256 bbb885fb41cf5a4e625b4114337c013515ec3a6270fb29ba9eda84267d72b0ac
Config Sections
FWB 1
SID Guest16
FTPPASS ExpExpExp11
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-0V9Y8W4
FILEATTRIB 295
EDTDATE 16/04/2007
NETDATA test123r.ddns.net:1604
GENCODE .wLt*rCKkF5o
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 295
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 5761726661636520EDE520EBE0E3E0E5F220EDE020313225
FTPSIZE 1
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS bymayer.ddns.net:localhost
MSGTITLE
FTPUSER a5205743
OVDNS 1
COMBOPATH 7
FTPHOST veryneed.net16.net
BIND 1
FTPUPLOADK 1
MELT 1
PWD stockbeen
SH9 1
OFFLINEK 1
VirusTotal

49 out of 57 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
test123r.ddns.net 5.149.150.90 RU