Details
Malware Family DarkComet
Date Added Jan. 30, 2016, 3 a.m.
MD5 95be6812c22e2a33f3da79400703e4cd
SHA256 28f3048ee2a5db216f8c7f987a05b5b0c0a4d2509d709337dd3808d02fbaa218
Config Sections
FWB 0
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-MASRKGG
FILEATTRIB 0
EDTDATE 16/04/2007
NETDATA dnsdhcpvpn.ddns.net:1177
GENCODE C0LqVYBMz8ec
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE C2E0F8E020EFE0ECFFF2FC20EEE1EDEEE2EBE5EDE021
FTPSIZE 10
FAKEMSG 1
CHANGEDATE 0
PDNS 192.168.1.4:lover33.no-ip.biz
MSGTITLE
FTPUSER username
OVDNS 1
COMBOPATH 2
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD 4411
SH9 1
OFFLINEK 1
VirusTotal

50 out of 55 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
dnsdhcpvpn.ddns.net 105.98.155.204 DZ