Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 8:40 p.m.
MD5 a874a791ee60096e86e585d2a476e800
SHA256 9f9d0f793c5683c86038e0eb04fdb7c2ff58ed2bf25ca1b58d0f8230302e882d
Config Sections
MSGICON 16
CHIDED 1
FTPPORT 21
FWB 0
EDTDATE 16/04/2007
INSTALL 1
SID Guest16
FTPPASS fbbffb66
PERSINST 1
DIRATTRIB 6
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 596F757220436C69656E742056657273696F6E2069732063757272656E746C79206F75742D64617465642E200D0A506C6561736520646F776E6C6F616420746865206C6174657374206F6E6521
FTPSIZE 10
FAKEMSG 1
PERS 1
PDNS 127.0.0.1:localhost
CHANGEDATE 0
SH1 1
FTPROOT /public_html/cyber/
SH10 1
KEYNAME System32dll
MUTEX DC_MUTEX-3N2YC5X
MSGTITLE Outdated Client
FTPUSER a4858190
FILEATTRIB 6
COMBOPATH 10
FTPHOST cyber.host22.com
FTPUPLOADK 1
MELT 1
PWD 0123456789
NETDATA pakke123.no-ip.biz:1604
SH9 1
OFFLINEK 1
GENCODE kouQjmGtQEyo
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

49 out of 52 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
pakke123.no-ip.biz 204.95.99.66 US