Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 e5d67033781c025d04282a10c84ef7ee
Sha256 d7878f0192a81d2431185a2c7041fe4ba7f639ac7184e893afc880b2b288377c
Config Sections
FWB 1
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-C27VYB1
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA xat35.duckdns.org:1604
GENCODE s9ufE09kAKqZ
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE Dosya bulunamad
FTPUSER username
OVDNS 1
COMBOPATH 5
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD hacker
MSGCORE 456B73696B20646F737961
OFFLINEK 1
VirusTotal

48 out of 54 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
xat35.duckdns.org 78.184.186.240 TR