Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 45ba13a67fc113e85312dd7d8cac977d
Sha256 5f633ee4273cc0b7475d0886ef13e3010910ac5deb060c25389ce0fe759f6036
Config Sections
FWB 0
SID Guest16
FTPPASS 5242424q
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-AK3U99Y
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA kagero-grup.sytes.net:91|kagerosys.sytes.net:91
GENCODE BxoBCTyfZUBQ
EDTPATH MSDCSC\msdcsc.exe
MSGICON 0
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4F7920DDE7696E205465FE656B6BFC722045646572697A0D0A
FTPSIZE 200
FAKEMSG 1
CHANGEDATE 0
PDNS 127.0.0.1:store.steampowered.com|127.0.0.1:www.store.steampowered.com|127.0.0.1:http://steamcommunity.com|127.0.0.1:steamcommunity.com|127.0.0.1:www.steamcommunity.com
MSGTITLE BAARILI OY
FTPUSER r00t@omen.website
OVDNS 1
COMBOPATH 7
FTPHOST ftp.omen.website
BIND 1
FTPUPLOADK 1
MELT 0
PWD 1234
SH9 1
OFFLINEK 1
VirusTotal

51 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
kagero-grup.sytes.net 46.2.21.109 TR
kagerosys.sytes.net 0