Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 6:54 p.m.
MD5 56c02c0b2c9dfcf4d864e73708d3e9b7
Sha256 bb112c1feccc65959c18b98a77c40ae13c5b4b40e7cca6beea41e4eadbae718b
Config Sections
MSGICON 16
FTPPORT 21
FWB 0
MELT 0
INSTALL 1
SID DarkC.
FTPPASS 0123456789
PERSINST 0
DIRATTRIB 0
PDNS 127.0.0.1:localhost
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE Hello world!
FTPSIZE 10
FAKEMSG 1
PERS 1
MULTIBIND 1
SH3 1
CHANGEDATE 0
SH1 1
CHIDEF 1
FTPROOT h ttp://www.alm3refh.com/rok
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-JSHYSJH
MSGTITLE DarkComet
FTPUSER 123456
FILEATTRIB 0
OVDNS 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
EDTDATE 16/04/2007
PWD Soldier
NETDATA xaiiiimze.no-ip.org:1604
SH9 1
OFFLINEK 1
GENCODE j5lmXls3uRJX
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

41 out of 46 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
xaiiiimze.no-ip.org 0
Geo Location
Yara Rules