Details
Malware Family DarkComet
Date Added Jan. 17, 2016, 6:42 a.m.
MD5 e22e2e48b695bacf56e16566bd441989
Sha256 f04cd71592c1dbc2a4c57cc51654ffffeec1caec675a3568585cafb2af905c19
Config Sections
BIND 1
MSGICON 16
SH1 1
MSGTITLE Microsoft Visual C++ Runtime Library Runtime Error
FTPPORT 21
FWB 1
MSGCORE 46696C65204E6F7420466F756E64204D6963726F736F66742056697375616C20432B2B2032303133
FTPROOT /
SH10 1
KEYNAME svchost
MUTEX DC_MUTEX-L8ETQXW
MELT 1
INSTALL 1
SID illay
SH4 1
FTPPASS 0631060949a
PERSINST 1
SH5 1
DIRATTRIB 6
CHIDEF 1
CHIDED 1
FTPUSER nadcauca
SH6 1
COMBOPATH 7
FTPHOST nad.caucasus.net
SH8 1
FILEATTRIB 6
FTPUPLOADK 1
SH7 1
FAKEMSG 1
EDTDATE 16/04/2014
PERS 1
PWD Submelol123
SH3 1
NETDATA hyperlinkfrost.no-ip.org:1604
SH9 1
PDNS 192.168.1.100:faierred.ddns.net
OFFLINEK 1
GENCODE YWal9hCQsJwq
FTPSIZE 10
CHANGEDATE 1
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

48 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
hyperlinkfrost.no-ip.org 94.241.201.129 RU