Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 4:46 p.m.
MD5 86e380210780ee8f400ffc8649f94450
Sha256 37f6e823faa0a26c1717930f94166d92e4d43f2d0c9cbc4b78f1218bef7f75d3
Config Sections
MSGICON 32
CHIDED 1
FTPPORT 21
FWB 1
EDTDATE 16/04/2007
INSTALL 1
SID Guest16_min
FTPPASS 0123456789
PERSINST 1
DIRATTRIB 295
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
PERS 1
PDNS 197.5.9.241:mahjoub.no-ip.biz
CHANGEDATE 1
SH1 1
FTPROOT /
SH10 1
KEYNAME DarkComet RAT
MUTEX DCMIN_MUTEX-BJ1LHGV
MSGTITLE DarkComet
FTPUSER username
FILEATTRIB 295
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK
MELT 0
PWD 0123456789
NETDATA 127.0.0.1:1604
MSGCORE Hello world!
OFFLINEK 1
GENCODE Ax2tS1qVxeNT
EDTPATH DCSCMIN\IMDCSC.exe
VirusTotal

52 out of 55 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules