Details
FileName | |
---|---|
Malware Family | DarkComet |
Date Added | 2015-11-07 20:07:23 |
MD5 | 98abce6b1d6a87bf7e874cb58f69eb40 |
Sha256 | 04c47d36f0d10ee83c870c1066ae12239ba7f658d35b8fef3302055ac5817a4c |
Robot | Robots lovingly delivered by robohash.org |
Advertising
Config Data
FTPSIZE | 10 |
---|---|
SID | RAT test |
SH6 | 1 |
SH9 | 1 |
DIRATTRIB | 7 |
FTPPORT | 21 |
CHIDEF | 1 |
GENCODE | vvSBqDmyyKKR |
SH10 | 1 |
SH8 | 1 |
MSGICON | 64 |
CHANGEDATE | 0 |
CHIDED | 1 |
FTPROOT | /darkcomet |
MSGTITLE | Microsoft Windows Update |
PERS | 1 |
OFFLINEK | 1 |
MSGCORE | 596F757220636F6D707574657220686173206265656E20757064617465642E |
FTPUPLOADK | |
KEYNAME | updater |
PERSINST | 1 |
EDTPATH | udupdt\update.exe |
MELT | 1 |
COMBOPATH | 2 |
FILEATTRIB | 7 |
FAKEMSG | 1 |
NETDATA | toolzcoolz.no-ip.biz:64598 |
MUTEX | DC_MUTEX-3X5ENZY |
SH1 | 1 |
FWB | 0 |
SH7 | 1 |
FTPPASS | lkjuh787yhg40*** |
FTPHOST | shops.walnmar.com |
PWD | Ppghytu&*&^^[]09\\\]][] |
FTPUSER | admin@walnmar.com |
SH4 | 1 |
SH5 | 1 |
EDTDATE | 16/04/2007 |
SH3 | 1 |
INSTALL | 1 |
Virustotal
51 out of 57 AV Engines identified the sample as Malicious.