Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 877dac4c53792409055241231a55a497
Sha256 e68ef49b8d8b3eeaf5fb09197d690683ee8598b08850145659b73d9fc5733182
Config Sections
BIND 1
MSGICON 0
CHIDEF 1
MSGTITLE Welcome
FTPPORT 21
FWB 0
SH6 1
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-549AGJ2
MELT 1
INSTALL 1
SID Guest16
SH4 1
FTPPASS 0123456789
PERSINST 1
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER username
SH5 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
SH8 1
FILEATTRIB 6
FTPUPLOADK 1
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD 237566
SH3 1
NETDATA ditex.ddns.net:1604
SH9 1
PDNS dummheitpur.ddns.net:dummheitpur.ddns.net
OFFLINEK 1
GENCODE nyuuEM3QAJcU
FTPSIZE 10
CHANGEDATE 0
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

48 out of 56 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
ditex.ddns.net 5.197.184.119 AZ