Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 3e50d662153eed0426d78d3b73042002
Sha256 c71b7e23e61a84a8d3275584b57d0cfc7bcddb4aa877e86f55627c19fdf537da
Config Sections
FWB 0
SID Guest16
FTPPASS 123cod321
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-4FFVDAB
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA c4eva.zapto.org:1604
GENCODE 3HR7B0J0oVKP
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4572726F7237323430353337
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 10.5.50.125:drhackerstar.no-ip.biz
MSGTITLE Error
FTPUSER sticksonice@mail.com
OVDNS 1
COMBOPATH 4
FTPHOST ftp.mail.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD 4321
SH9 1
OFFLINEK 1
VirusTotal

53 out of 57 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
c4eva.zapto.org 204.95.99.66 US