Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 6ac8d1c0bbee75a50f7383a209d23937
Sha256 47f9a5be86446bbac0817b2a9d61bd5de28838895bc3331bb0467522ee9c9459
Config Sections
FWB 1
SID Guest1
FTPPASS 5242424q
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME msdcs12
MUTEX DC_MUTEX-GDVHDWW
FILEATTRIB 6
EDTDATE 16/04/2014
NETDATA adobens.hopto.org:1604
GENCODE CZuKJ6dQ5y45
EDTPATH MSDCS\msdc12.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE F4E0E9EB20EEF2F1F3F2F1F2E2F3E5F2
FTPSIZE 200
FAKEMSG 1
CHANGEDATE 1
PDNS 127.0.0.1:store.steampowered.com|127.0.0.1:www.store.steampowered.com|127.0.0.1:steamcommunity.com|127.0.0.1:www.steamcommunity.com|127.0.0.1:http://steamcommunity.com/
MSGTITLE
FTPUSER r00t@omen.website
OVDNS 1
COMBOPATH 2
FTPHOST ftp.omen.website
BIND 1
FTPUPLOADK 1
MELT 1
PWD 1234
SH9 1
OFFLINEK 1
VirusTotal

54 out of 57 AV engines identified the sample as malicious


Domain Data
Domain IP Country Code
adobens.hopto.org 109.63.136.98 RU