Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 6:12 p.m.
MD5 a58b58d53dc3d9d72ea47d6ce153f6b0
Sha256 dbf726b7a7120770c04d358fa831e04ac6ba07f9d8cefec74bb4bda8236c6103
Config Sections
MSGICON 16
FTPPORT 21
FWB 0
EDTDATE 16/04/2007
INSTALL 1
SID Guest16
FTPPASS a4590261
OFFLINEK 1
PERSINST 1
DIRATTRIB 6
PDNS 127.0.0.1:localhost
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 596F7572206F7065726174696E672073797374656D2063616E2774206578656375746520746869732066696C652E
FTPSIZE 10
FAKEMSG 1
PERS 1
SH3 1
CHANGEDATE 1
CHIDEF 1
FTPROOT /Keylogger/
SH10 1
KEYNAME SystemUpdate
MUTEX DC_MUTEX-QNYRHFP
MSGTITLE Error
FTPUSER a4590261
FILEATTRIB 6
COMBOPATH 7
FTPHOST 31.170.160.88
FTPUPLOADK 1
MELT 1
PWD tq5bb3leogpb
NETDATA jok1995.no-ip.biz:81
SH9 1
SH1 1
GENCODE 39r7lkX91sM2
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

49 out of 53 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
jok1995.no-ip.biz 204.95.99.109 US