Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 9fa5c7e89c1e1c44d8232c2d83eb2f03
Sha256 e558531accd856c967a345d277d4f5dc28585455afcc441d56f7e9243129da8e
Config Sections
FWB 0
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME ManagerWin
MUTEX DC_MUTEX-NWK0FNZ
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA sergumanus.ddns.net:1604
GENCODE govQ50mUURho
EDTPATH PUNISHER\Manager.exe
MSGICON 32
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE RakNet
FTPUSER username
OVDNS 1
COMBOPATH 1
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD hacker
MSGCORE CEF8E8E1EAE02C20EFEEE4E4E5F0E6E8E2E0FEF9E8E520F4E0E9EBFB203634782E646C6C20EDE520EDE0E9E4E5EDFB2E
OFFLINEK 1
VirusTotal

48 out of 55 AVs identified the sample as malicious


Domain Data
Domain               IP              Country Code
sergumanus.ddns.net  109.236.213.42  RU