Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 4:49 p.m.
MD5 a3fd066a1545233254b326e1db928420
SHA256 9f072dfd4c58e9803dbf4e8105f43fa534f3f5e1abcd4032bda88b99832c281f
Config Sections
MSGICON 0
CHIDED 1
FTPPORT 21
FWB 0
EDTDATE 16/04/2007
INSTALL 1
SID Guest16
FTPPASS 0123456789
PERSINST 1
DIRATTRIB 295
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
PERS 1
PDNS 197.5.9.241:mahjoub.no-ip.biz
CHANGEDATE 1
SH1 1
FTPROOT /
SH10 1
KEYNAME DarkComet RAT
MUTEX DC_MUTEX-3W79GDU
MSGTITLE Welcome
FTPUSER username
FILEATTRIB 295
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK
MELT 0
PWD 0123456789
NETDATA aaaaaaaaaa10.no-ip.biz:1604|aaaaaaaaaa10.no-ip.biz:4444
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E0D0A496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562207375636365737366756C6C792072756E7320616E6420796F752077696C6C206170656172200D0A696E20746865206D61737465722075736572206C6973742E0D0A
OFFLINEK 1
GENCODE D4HLHvtrsa1k
EDTPATH DCSCMIN\IMDCSC.exe
VirusTotal

46 out of 52 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
aaaaaaaaaa10.no-ip.biz 0
aaaaaaaaaa10.no-ip.biz 0