Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 5:30 p.m.
MD5 a48af78b1dd4ece80db2446003fa22d5
Sha256 ce688e5e06ed2e95d17b13088361bcc3a95640199b7dda341ece8e7bd9aa75b3
Config Sections
MSGICON 16
FTPPORT 21
FWB 1
MELT 0
INSTALL 1
SID DarkComet
FTPPASS fuckm3!fy0uc@n
PERSINST 1
DIRATTRIB 2
CHIDEF 1
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 200
FAKEMSG 1
PERS 1
MULTIBIND 1
SH3 1
CHANGEDATE 1
SH1 1
FTPROOT /home/indianha/public_html/dabas
SH10 1
KEYNAME winupdater
MUTEX DC_MUTEX-RE170G8
MSGTITLE ERROR module specified undetected
FTPUSER dabas@indianhacker.in
FILEATTRIB 2
OVDNS 1
COMBOPATH 2
FTPHOST ftp.indianhacker.in
BIND 1
FTPUPLOADK
EDTDATE 16/04/2007
PWD ISREAL1948
NETDATA eiip.no-ip.biz:666
MSGCORE 6572726F7220736869656C64206D6F64756C652073706563696669656420756E64657465637465642023313738
PDNS www.norton.com:localhost
OFFLINEK 1
GENCODE 47lGXq2a2*S3
EDTPATH Windupdt\winupdate.exe
VirusTotal

51 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
eiip.no-ip.biz 0
Geo Location
Yara Rules