Details
Malware Family DarkComet
Date Added April 23, 2016, 3 a.m.
MD5 6bee7510882dc4a493c6d00399df0c71
Sha256 7a5ba35b67cfc54177b3c9355f4d86096608fc6905c7dbcbfdde921f277ece89
Config Sections
FWB 1
SID BN_135
FTPPASS hacker911911
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-6Q35NA0
FILEATTRIB 6
EDTDATE 16/11/2015
NETDATA preisschild.zapto.org:1604|preisschild.zapto.org:1601
GENCODE CWFTgUJcadaE
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4572726F723A2030783030303030316663
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:localhost
MSGTITLE Could not load
FTPUSER hadesisback
OVDNS 1
COMBOPATH 7
FTPHOST ftp.drivehq.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD pen123
SH9 1
OFFLINEK 1
VirusTotal

53 out of 57 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
preisschild.zapto.org 178.191.50.73 AT