Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 a7ad95323421ac904cbdb9f32420f1dd
Sha256 4bdf9fbf5663a5ef2ff3579ae5ab2ec36c10732b795d8759fabb6042f8e7022b
Config Sections
FWB 0
SID test
FTPPASS 123456hk
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT htdocs/
SH10 1
KEYNAME Internet Explorer
MUTEX DCMIN_MUTEX-1QB98FY
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA kys.duckdns.org:1604
GENCODE vHnz0SzdqnAW
EDTPATH InternetExplorer\iexplorer.exe
MSGICON 32
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E0D0A496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562207375636365737366756C6C792072756E7320616E6420796F752077696C6C206170656172200D0A696E20746865206D61737465722075736572206C6973742E0D0A
FTPSIZE 5
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS britney199019.no-ip.org:localhost
MSGTITLE Welcome
FTPUSER b22_10946352
OVDNS 1
COMBOPATH 2
FTPHOST ftp.byethost22.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD
SH9 1
OFFLINEK 1
VirusTotal

52 out of 56 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
kys.duckdns.org 180.150.28.144 AU