Details
Malware Family DarkComet
Date Added March 24, 2019, 5:20 p.m.
MD5 e1cb616556be020f4d728265dbbdcc49
Sha256 71a1cb5c6de05b8bb2af1a808eae57e9cc119d77713ed275e5f3c88ed013ddfd
Config Sections
FTPPORT
FWB 0
SH6 1
FTPROOT
KEYNAME Mupdate_bv
MUTEX DC_MUTEX-1JZKULF
MELT 0
INSTALL 1
SID kyonyu_elf_hahamusume
FTPPASS
PERSINST 1
DIRATTRIB 6
SH1 1
FTPUSER
SH5 1
COMBOPATH 10
FTPHOST
FILEATTRIB 6
FTPUPLOADK
EDTDATE 16/04/2007
PERS 1
PWD
NETDATA 127.0.0.1:200|cystau.ddns.net:1212
OFFLINEK 1
GENCODE 97bl2xSlZQwt
FTPSIZE
CHANGEDATE 0
EDTPATH temp_bv\svchost.exe
VirusTotal

63 out of 70 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
cystau.ddns.net 153.199.74.6 JP