Details
Malware Family DarkComet
Date Added April 23, 2016, 3 a.m.
MD5 561bef74de3c821a0b2814f57e232358
Sha256 ba2906fbb29d5b14fa4429f641c4b9cf1118de9f79adf544d547c200a34e7b33
Config Sections
FWB 0
SID Guest16
FTPPASS 5831267
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /rat
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-CSGG46U
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA sgg.zapto.org:1604
GENCODE R36S6yXw9VBh
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
FTPSIZE 15
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS bymayer.ddns.net:localhost
MSGTITLE Microsoft .NET Framework
FTPUSER u728959000.trojan
OVDNS 1
COMBOPATH 7
FTPHOST ftp.engintasarim.xyz
BIND 1
FTPUPLOADK 1
MELT 0
PWD stockbeen
SH9 1
OFFLINEK 1
VirusTotal

50 out of 57 AV engines identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
sgg.zapto.org 79.181.56.153 IL