Details
Malware Family DarkComet
Date Added March 10, 2016, 3 a.m.
MD5 d336beecabce0867124ac82d48f850d6
Sha256 2255ca19314a681650331dec170c3771ddb94309046f7fa866e662cd20a3e6d4
Config Sections
BIND 1
MSGICON 64
SH1 1
MSGTITLE Welcome
FTPPORT
FWB 1
SH6 1
MSGCORE 42752063727970746572204B6F64656D2061696C6573696E65206169747469722E54FC6D20536F72756D6C756C756B204B756C6C616EFD63FD7961204169747469722121210D0A0D0A20DD7969204B756C6C616EFD6D6C6172207C204B6F64656D20202020202020200D0A2020202020200D0A2054414D414D27206120426173FD6E200D0A
FTPROOT
SH10 1
KEYNAME - Windows
MUTEX DC_MUTEX-FQHX5MT
MELT 0
INSTALL 1
SID Guest16
SH4 1
FTPPASS
PERSINST 1
DIRATTRIB 6
CHIDEF 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 7
FTPHOST
SH8 1
FILEATTRIB 6
FTPUPLOADK
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD 0123456789
SH3 1
NETDATA scapegaming.ddns.net:1604
SH9 1
OFFLINEK 1
GENCODE qCNoYBry7Ef2
FTPSIZE
CHANGEDATE 0
EDTPATH MSDCSC\svchost.exe
VirusTotal

48 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
scapegaming.ddns.net 176.109.241.30 UA