Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 eb0c4a7d3cf633ba4c040b994c516adc
Sha256 e55d1db626d296bc274c1cd8e32f90f17dbb377788ef30de397fd339d17cb1ba
Config Sections
FWB 0
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-AG1TWRT
FILEATTRIB 2
EDTDATE 16/04/2007
NETDATA ratloser.no-ip.biz:1604
GENCODE 1CA19Z8h1Po1
EDTPATH MSDCSC\msdcsc.exe
MSGICON 32
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 2
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE RakNet
FTPUSER username
OVDNS 1
COMBOPATH 3
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD hacker
MSGCORE CEF8E8E1EAE02C20EFEEE4E4E5F0E6E8E2E0FEF9E8E520F4E0E9EBFB203634782E646C6C20EDE520EDE0E9E4E5EDFB2E
OFFLINEK 1
VirusTotal

49 out of 55 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
ratloser.no-ip.biz 50.71.202.98 CA