Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 2c45407112c7e78a2288fc2c223a0779
Sha256 73a7c7acb80d685dacb764fcb411765e135f92dd23c57765739fb58eb5950ac1
Config Sections
FWB 1
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-JASGLY2
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA hacked321.ddns.net:1604|localhost:1604
GENCODE 9rKW6LbmR5Dw
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 686579
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 10.5.50.125:drhackerstar.no-ip.biz
MSGTITLE hello
FTPUSER username
OVDNS 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD fsszika1
SH9 1
OFFLINEK 1
VirusTotal

54 out of 57 AV engines identified the sample as malicious.

Domain Data
Domain IP Country Code
hacked321.ddns.net 95.191.237.200 RU
localhost 0