Details
Malware Family DarkComet
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 ece5c45fa4818d2557c6fb283965c999
Sha256 73742123e54ca993775cd73dc661a7b2c898863503ac45b9679a9828f6976052
Config Sections
MSGICON 0
FTPPORT 14147
FWB 0
MELT 1
INSTALL 1
SID Guest16
FTPPASS
PERSINST 1
DIRATTRIB 2
CHIDEF 1
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
PERS 1
SH3 1
CHANGEDATE 1
SH1 1
FTPROOT /
SH10 1
KEYNAME svchost
MUTEX DC_MUTEX-H0DT547
MSGTITLE PISUN
FTPUSER Liushena
FILEATTRIB 2
OVDNS 1
COMBOPATH 2
FTPHOST 127.0.01
BIND 1
FTPUPLOADK 1
EDTDATE 12/5/2010
PWD 0123456789
NETDATA 192.168.1.125:10420|75.23.201.71:10420
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E
PDNS 127.0.0.1:localhost
OFFLINEK 1
GENCODE aygVTjAYkH
EDTPATH svchost.exe
VirusTotal

45 out of 54 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
192.168.1.125 0
75.23.201.71 US