Details
Malware Family DarkComet
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 e2e409e1f776322edd4bf36e9472abcb
Sha256 92984b9d6fb60a64ac464f16ba58d9f56098580fdd2bbd1e55cc5d04d61d11d6
Config Sections
MSGICON 16
CHIDED 1
FTPPORT 21
FWB 1
EDTDATE 16/04/2007
INSTALL 1
SID Guest16
FTPPASS xpbo9u4k
PERSINST 1
DIRATTRIB 6
CHIDEF 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 57696E646F77732038206973206D697373696E670D0A
FTPSIZE 10
FAKEMSG 1
PERS 1
CHANGEDATE 0
SH1 1
FTPROOT /home/data/users/h/hackthenet/Forum
SH10 1
KEYNAME SystemConf
MUTEX DC_MUTEX-H8BCWR6
MSGTITLE Error
FTPUSER hackthenet
FILEATTRIB 6
COMBOPATH 2
FTPHOST ftp14.redby.fr
BIND 1
FTPUPLOADK 1
MELT 1
PWD 0123456789
NETDATA marwan123.no-ip.biz:1604
SH9 1
OFFLINEK 1
GENCODE ndt4iHSicenn
EDTPATH System32\Sysconf.exe
VirusTotal

48 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
marwan123.no-ip.biz 0
Geo Location
Yara Rules