Details
Malware Family: DarkComet
Date Added: Jan. 30, 2016, 3 a.m.
MD5: 881909b23cc2fc9aa1eba0deefb5b918
SHA256: de796a9a198d58f8a21d687686cb1df2c9f95d2dc20d20f7190e35436d64d578
Config Sections
FWB 0
SID All
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-U0DM7GE
FILEATTRIB 6
EDTDATE 16/04/2015
NETDATA :1604
GENCODE jysMltStTlUQ
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 57656C636F6D6520746F20576F7264707265737320202E20596F7520486173204265656E20496E7374616C6C20
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 192.168.2.136:localhost
MSGTITLE Welcome
FTPUSER username
OVDNS 1
COMBOPATH 10
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD 1000000000
SH9 1
OFFLINEK 1
VirusTotal

48 out of 54 AVs identified the sample as malicious
