Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 87e93047f88ee75f290904997f55dc6c
Sha256 e133837adfff737e6e1ec13537e56fc6af66d0d75738c4a56e9c7209c30d56b5
Config Sections
FWB 0
SID benssa
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME DarkComet RAT
MUTEX DC_MUTEX-F54S21D
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA 127.0.0.1:1604
GENCODE ZpMs4fQgHpfw
EDTPATH DCSCMIN\IMDCSC.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE Dosya bulunamad
FTPUSER username
OVDNS 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD hacker
MSGCORE 456B73696B20646F737961
OFFLINEK 1
VirusTotal

47 out of 54 AVs identified the sample as malicious

VirusTotal Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules