Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 44e392bbc7deeb0b249fd2ee904b0615
Sha256 18f7eaaaf70e81db491108a65fe5339ca18db597e914987694b0d2e809709e48
Config Sections
MSGICON 0
CHIDEF 1
MSGTITLE Welcome
FTPPORT
FWB 0
SH6 1
MSGCORE 496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562206973206E6F74207375636365737366756C6C792072756E7321
FTPROOT
SH10 1
KEYNAME DarkComet RAT
MUTEX DCMIN_MUTEX-HPJC4TP
MELT 1
INSTALL 1
SID Guest16_min
SH4 1
FTPPASS
PERSINST 1
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 7
FTPHOST
SH8 1
FILEATTRIB 6
FTPUPLOADK
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD 123
SH3 1
NETDATA hazha.no-ip.com:1604
SH9 1
OFFLINEK 1
GENCODE rfUAcVXnxpAj
FTPSIZE
CHANGEDATE 0
EDTPATH DCSCMIN\IMDCSC.exe
VirusTotal

46 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
hazha.no-ip.com 0
Geo Location
Yara Rules