Details
Malware Family DarkComet
Date Added April 22, 2016, 6:28 a.m.
MD5 ab1d6c52f18825de916950b0a33a2f8a
SHA256 74a13c7ecf0adc443659b4207da66c097a029b910a84c26c516fa206e2213b61
Config Sections
FWB 0
SID Guest16
FTPPASS 5242424q
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME System
MUTEX DC_MUTEX-8SUYHSC
FILEATTRIB 6
EDTDATE 2/25/2019
NETDATA troyano.zapto.org:1604
GENCODE JqjFd3EGRXmW
EDTPATH Taskss\explorer.exe
MSGICON 0
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE FDF2EE20EFF0EEE3F0E0ECE020E2E0EC20EDE520E4EEF1F2F3EFEDE021
FTPSIZE 200
FAKEMSG 1
CHANGEDATE 1
PDNS zzcc1212.codns.com:localhost|124.111.208.9:localhost
MSGTITLE Error
FTPUSER r00t@omen.website
OVDNS 1
COMBOPATH 10
FTPHOST ftp.omen.website
BIND 1
FTPUPLOADK 1
MELT 0
PWD 1234
SH9 1
OFFLINEK 1
VirusTotal

53 out of 57 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
troyano.zapto.org 177.230.255.5 MX