Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 6730ba7369541f4d3d1fcb595927b1d5
Sha256 b052391fc675d45fcf8ce6cd11e318494262f282a36c2332265021868104ae81
Config Sections
FWB 0
SID PC
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME explorer
MUTEX DC_MUTEX-F54S21D
FILEATTRIB 0
EDTDATE 16/08/2015
NETDATA minehost567.ddns.net:8080
GENCODE pfEJrWGnD0zR
EDTPATH MSDCSC\msdcsc.exe
MSGICON 48
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 5520476F742052617465642F4B65794C6F6767656420544F200D0A54616B6520546865205261742F4B65794C6F672053756273637269626520546F2047706C616976
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 188.140.160.186:gplaiv.ddns.net
MSGTITLE Hack
FTPUSER username
OVDNS 1
COMBOPATH 3
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD 0123456789
SH9 1
OFFLINEK 1
VirusTotal

47 out of 55 AV engines identified the sample as malicious.

Domain Data
Domain IP Country Code
minehost567.ddns.net 128.90.102.36 BR