Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 9f337facd8e929d408d35c326f322c69
Sha256 e5dd91ab72cf5e8eda789db02cf67421d6df93af3ef6ee07ab0ddf37fad3d280
Config Sections
FWB 1
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-JYNLMLQ
FILEATTRIB 2
EDTDATE 16/04/2007
NETDATA xtazmodding.ddns.net:1500
GENCODE *GaDB%V=-ln7
EDTPATH MSDCSC\msdcsc.exe
MSGICON 32
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 2
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE RakNet
FTPUSER username
OVDNS 1
COMBOPATH 3
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD hacker
MSGCORE CEF8E8E1EAE02C20EFEEE4E4E5F0E6E8E2E0FEF9E8E520F4E0E9EBFB203634782E646C6C20EDE520EDE0E9E4E5EDFB2E
OFFLINEK 1
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
| Domain | IP | Country Code |
| --- | --- | --- |
| xtazmodding.ddns.net | 84.103.108.128 | FR |