Details
Malware Family DarkComet
Date Added April 23, 2016, 3 a.m.
MD5 d3e28496a44ca8112d6f969b553c51d9
Sha256 7012d966e1bf037faa38648886d145145f55a7917435ffca7bb0972aa01865fd
Config Sections
FWB 1
SID CoDMP
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-EBMVLV6
FILEATTRIB 0
EDTDATE 16/04/2007
NETDATA proxy2.zapto.org:1122
GENCODE P2dUtJkGQg0P
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 576169742035207365636F6E647320666F726170706C69636174696F6E20746F20737461727420616E64206C6F61642074686520706174636865722E
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:localhost
MSGTITLE Welcome to CoDMP Cracker
FTPUSER username
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD pen123
SH9 1
OFFLINEK 1
VirusTotal

54 out of 57 AVs identified the sample as malicious


Domain Data
Domain | IP | Country Code
proxy2.zapto.org | 61.0.1.34 | IN