Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 6:56 p.m.
MD5 8892477cb7c9caa54569a3a6e0e3fdb0
Sha256 790b03689cdacc2d191992aa3e6bd19f6025bf5f9e5052e9c5e91a8e52262e09
Config Sections
MSGICON 0
FTPPORT 21
FWB 0
MELT 0
INSTALL 1
SID Guest16
FTPPASS 0123456789
PERSINST 0
DIRATTRIB 6
PDNS 127.0.0.1:localhost
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 446F74204E6574204672616D65576F726B204D697373696E672E20506C656173652074727920746F20646F776E6C6F61642066726F6D20687474703A2F2F6D6963726F736F66742E636F6D2F646F746E65746672616D65776F726B2E2E
FTPSIZE 10
FAKEMSG 1
PERS 1
MULTIBIND 1
SH3 1
CHANGEDATE 0
SH1 1
CHIDEF 1
FTPROOT h ttp://www.alm3refh.com/rok
SH10 1
KEYNAME skype.com
MUTEX DC_MUTEX-GHS48FN
MSGTITLE Error
FTPUSER 123456
FILEATTRIB 6
OVDNS 1
COMBOPATH 10
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
EDTDATE 16/04/2007
PWD korey12345
NETDATA 188.168.215.22:1604
SH9 1
OFFLINEK 1
GENCODE uoke4Uy7QgSs
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

50 out of 57 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
188.168.215.22 RU