Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 3933472352378eb973f64c535ce812ae
Sha256 80000db30906f299a9875beec32dd7359dd7b16c573cdca351ea83ada03d2278
Config Sections
FWB 1
SID Guest16_min
FTPPASS
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT
SH10 1
KEYNAME DarkComet RAT
MUTEX DCMIN_MUTEX-211QG8M
FILEATTRIB 2
EDTDATE 16/04/2007
NETDATA 192.168.0.100:1604
GENCODE 8lvAwDfD8Up1
EDTPATH DCSCMIN\IMDCSC.exe
MSGICON 16
FTPPORT
INSTALL 1
PERSINST 0
DIRATTRIB 2
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4661696C6420746F206F70656E20556E6974792070726F6A656374
FTPSIZE
FAKEMSG 1
CHANGEDATE 0
PDNS hou2764.ddns.net:localhost
MSGTITLE error 404
FTPUSER
OVDNS 1
COMBOPATH 7
FTPHOST
BIND 1
FTPUPLOADK
MELT 0
PWD ARAg0st@
SH9 1
OFFLINEK 1
VirusTotal

46 out of 56 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
192.168.0.100 0