Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 6:54 p.m.
MD5 9615ab83575165439a8d7068c248f27d
SHA256 0c3140c5ea2f00253c9a9982204acaaaa3cec8e03d3e8463c5a6614b8854e679
Config Sections
MSGICON 0
FTPPORT 21
FWB 0
MELT 0
INSTALL 1
SID MY RAT
FTPPASS 0123456789
PERSINST 0
DIRATTRIB 0
PDNS 127.0.0.1:localhost
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 446F74204E6574204672616D65576F726B204D697373696E672E20506C656173652074727920746F20646F776E6C6F61642066726F6D20687474703A2F2F6D6963726F736F66742E636F6D2F646F746E65746672616D65776F726B2E2E
FTPSIZE 10
FAKEMSG 1
PERS 1
MULTIBIND 1
SH3 1
CHANGEDATE 0
SH1 1
CHIDEF 1
FTPROOT h ttp://www.alm3refh.com/rok
SH10 1
KEYNAME DarkComet RAT
MUTEX DC_MUTEX-U7U7S2F
MSGTITLE Error
FTPUSER 123456
FILEATTRIB 0
OVDNS 1
COMBOPATH 10
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
EDTDATE 16/04/2007
PWD korey12345
NETDATA edis22.no-ip.biz:4546
SH9 1
OFFLINEK 1
GENCODE KWKogPzwbKWs
EDTPATH DCSCMIN\IMDCSC.exe
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
edis22.no-ip.biz 78.159.143.172 BG
Yara Rules