Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 6ac20b0a3276f65e527afdc9bbe5d88e
Sha256 02602f24e7eb9283fe3c62c95abdf07795373c98bfda07023e5fa551dc5ae0e0
Config Sections
FWB 0
SID Skype
FTPPASS 5242424FTP
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-3KEKEBZ
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA work.no-ip.biz:200|whoer.no-ip.org:200
GENCODE iuEnxl5CFX6L
EDTPATH MSDCSC\cmss.exe
MSGICON 0
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 436C69636B206F6E204F6B20
FTPSIZE 1
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 192.168.0.77:55rus.ddns.net
MSGTITLE Welcome
FTPUSER admin@knighthile.com
OVDNS 1
COMBOPATH 2
FTPHOST ftp.knighthile.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD Rangerty10
SH9 1
OFFLINEK 1
VirusTotal

46 out of 54 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
work.no-ip.biz 105.154.238.101 MA
whoer.no-ip.org 105.154.238.101 MA