Details
FileName
Malware Family DarkComet
Date Added 2016-01-17 06:42:16
MD5 2c2c0aeb8f516a603590ea3821f5af7f
Sha256 8a428c2d00221a2c96a3e3f9eaac17ecbffacb9169c8c806567fd0bbeb728859
C2 Data
FTPSIZE 10
SH10 1
MUTEX DC_MUTEX-4SQNSRL
SH9 1
MSGCORE C2E0F8FC20EAEEECEFFCFEF2E5F020E2E7EBEEECE0ED20F5E0EAE5F0EEEC20206D722E5820
FTPPORT 21
CHIDEF 1
GENCODE AE4gKuX7ca02
SID User 1
NETDATA 127.0.0.1:1604
SH8 1
MELT 0
SH6 1
CHIDED 1
FTPROOT /DarkComet/
MSGTITLE mr.X
FILEATTRIB 0
OFFLINEK 1
DIRATTRIB 0
CHANGEDATE 0
KEYNAME MicroUpdate
PERSINST 0
EDTPATH MSDCSC\msdcsc.exe
MSGICON 0
COMBOPATH 7
PERS 1
FAKEMSG 1
BIND 1
FTPUPLOADK 1
SH1 1
FWB 0
SH7 1
FTPPASS Mko09ijnbhu87ygv
FTPHOST teknoblog.cf
PWD 3333
FTPUSER teknoblog
SH4 1
SH5 1
EDTDATE 16/04/2007
SH3 1
INSTALL 1
Virustotal

47 out of 55 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
127.0.0.1 0