Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 265d643102e03b070107929eeb062329
Sha256 e16a419039b2bd96601e1e0ffdf6bdb5861cd2b12d6e9d6608d22e4ac54a3614
Config Sections
FWB 0
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME DarkComet RAT
MUTEX DC_MUTEX-JNNT2Z4
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA killer231.ddns.net:1604
GENCODE aA9yapH81Blm
EDTPATH DCSCMIN\IMDCSC.exe
MSGICON 48
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE Welcome
FTPUSER username
OVDNS 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD hacker
MSGCORE 506C65617365207475726E206F666620616E7469766972757320626563617573652068652073746F70206E65776F726B21
OFFLINEK 1
VirusTotal

46 out of 53 AV engines identified the sample as malicious.


Domain Data
Domain IP Country Code
killer231.ddns.net 89.33.9.228 RO