Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 8:02 p.m.
MD5 994dff4c26aade6da7c48ca3f6b605c9
Sha256 e54b8e07c0c247c2d89d7dc7739cbfc595df9b65b6e9bd820b7bed871e78a21e
Config Sections
MSGICON 16
CHIDED 1
FTPPORT 21
FWB 1
EDTDATE 16/04/2007
INSTALL 1
SID Microsoft006
FTPPASS lkjuh787yhg40***
PERSINST 1
DIRATTRIB 2
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 5468652066696C652069732064656D61676564206F7220646F6573206E6F74206578697374
FTPSIZE 10
FAKEMSG 1
PERS 1
CHANGEDATE 0
SH1 1
FTPROOT /darkcomet
SH10 1
KEYNAME WinUpdater
MUTEX DC_MUTEX-PV1GFUS
MSGTITLE Windows
FTPUSER admin@walnmar.com
FILEATTRIB 2
COMBOPATH 0
FTPHOST shops.walnmar.com
FTPUPLOADK
MELT 0
PWD Ppghytu&*&^^[]09\\\]][]
NETDATA mylovely.zapto.org:1604
SH9 1
OFFLINEK 1
GENCODE b55r%iLE/kmc
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

45 out of 51 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
mylovely.zapto.org 0