Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 4e08ca5b9494f9992237f49d744f8a6d
Sha256 c241bc64557243cc99877806b65c0164a1c5d52f6be8bfed1ac5f3a75e0cd7dd
Config Sections
FWB 0
SID Guest16
FTPPASS 12qwaszX
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /Logs
SH10 1
KEYNAME Windows
MUTEX DC_MUTEX-8UKD8AB
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA xxmonxx.ddns.net:1604
GENCODE jvNPzZDv49Nh
EDTPATH MSDCSC\msdcsc.exe
MSGICON 0
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE Hello is virus
FTPSIZE 1000
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:vk.com|127.0.0.1:ok.ru|127.0.0.1:rgho.st
MSGTITLE mdrr
FTPUSER xcursayer
OVDNS 1
COMBOPATH 10
FTPHOST ftp.drivehq.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD 0123
SH9 1
OFFLINEK 1
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
xxmonxx.ddns.net 95.32.220.175 RU