Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 b7d25d7befa79ab66e105ee3034d9326
Sha256 23f84f02a2cdf57802821b078c54b66c015f17a9156c595a66a14ea3ee4a5faf
Config Sections
FWB 0
SID automail
FTPPASS 05350281920y
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME svghost
MUTEX DC_MUTEX-J4GT33P
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA hack2507.myvnc.com:1232
GENCODE Vrgz%SyD1Re
EDTPATH Windupdt\winupdate.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4953446F6E652E646C6C20CFF0EEE8E7EEF8EBE020EEF8E8E1EAE020EFF0E820F0E0F1EFE0EAEEE2EAE53A20F4E0E9EB20EFEEE2F0E5E6E4E5ED210D0A556E6172632E646C6C20E2E5F0EDF3EB20EAEEE420EEF8E8E1EAE83A202D3635370D0A4552524F523A2061726368697665206461746120636F7272757074656420286465636F6D7072657373696F6E20
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
MSGTITLE ISDone.dll
FTPUSER tecnogamertr@gmail.com
OVDNS 1
COMBOPATH 0
FTPHOST tecnogamertr@gmail.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD
SH9 1
OFFLINEK 1
VirusTotal

49 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
hack2507.myvnc.com 0
Geo Location
Yara Rules