Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 4f564341ad8ea444838251cb46f48857
Sha256 ec92dd3dbfb6b698c31ccb33f9255ae0f6b28521dda69133132f6d70c2878c36
Config Sections
FWB 1
SID Guest16
FTPPASS
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT
SH10 1
KEYNAME WindowsApplications
MUTEX DC_MUTEX-M2DUANZ
FILEATTRIB 6
EDTDATE 14/07/2009
NETDATA 169.254.123.181:1604
GENCODE +q4WGrF2rJsz
EDTPATH winrm\svchost.exe
MSGICON 16
FTPPORT
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 3078303763633831393020656D706C6F69206C2761647265737365206D656D6F69726527307830303030303030302727204C61206D656D6F697265206E652070657574207061732065747265202727726561642727436C697175657A20737572204F4B20706F7572207465726D696E6572206C652070726F6772616D6D65
FTPSIZE
FAKEMSG 1
CHANGEDATE 1
PDNS 87.240.131.118:orbital.war2149.com
MSGTITLE 0x07cc8190
FTPUSER
OVDNS 1
COMBOPATH 2
FTPHOST
BIND 1
FTPUPLOADK
MELT 0
PWD 1417
SH9 1
OFFLINEK 1
VirusTotal

50 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
169.254.123.181 0