Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 26a0e2cf074729f56ea937c5f7887330
Sha256 5b950a47e2c659b99b71ccddb501a095f39f7dbd64f75c153189a31af347465b
Config Sections
FWB 0
SID User
FTPPASS 5242424q
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME Windows Malware
MUTEX DC_MUTEX-BA58MZP
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA microsoft-malware.myftp.biz:9713
GENCODE qHvrBYrRBCN7
EDTPATH MRTD\solutions.exe
MSGICON 48
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 54686973206170706C69636174696F6E207265717569726573206F6E65206F662074686520666F6C6C6F77696E672076657273696F6E73206F6620746865204D6963726F736F6674202E4E4554204672616D65776F726B20342E30
FTPSIZE 200
FAKEMSG 1
CHANGEDATE 0
PDNS 127.0.0.1:store.steampowered.com|127.0.0.1:www.store.steampowered.com|127.0.0.1:http://steamcommunity.com|127.0.0.1:steamcommunity.com|127.0.0.1:www.steamcommunity.com
MSGTITLE Microsoft .NET Framework
FTPUSER r00t@omen.website
OVDNS 1
COMBOPATH 2
FTPHOST ftp.omen.website
BIND 1
FTPUPLOADK 1
MELT 1
PWD 1234
SH9 1
OFFLINEK 1
VirusTotal

52 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
microsoft-malware.myftp.biz 0
Geo Location
Yara Rules