DarkComet Malware Analysis

File Properties

SHA256: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6

MD5: 0bb1cb742eaddbad11d9e96993fb23d7

File Type: exe

Size: 733,184 bytes

First Seen: 2021-09-03

AV Signature: DarkComet

Imphash: 009023b6b22e202aa54365d2270f6f95

Reported by: JAMESWT_WT

Tags: DarkComet, exe

Static analysis: metadata-based (sample not downloaded)

DarkComet — Malware Profile

The DarkComet RAT is written in Delphi. The sample masquerades as Facebook.exe, a social-media disguise. It uses the IAMStreamConfig4 DirectShow interface for webcam/microphone access and achieves persistence through an MSConfig startup entry.

Malware Type: RAT
Programming Language: Delphi
C2 Protocol: TCP
Target Systems: Windows

Technical Details

Written in Delphi; custom TCP C2 protocol; keylogger (KEYLOGGER_PASSIVE/ACTIVE modes), screen capture, webcam/microphone capture, file manager, registry editor, remote shell, FTP-like file transfer.

Capabilities & Behavior

Remote Access & Control
Keylogger
Screenshot Capture
Webcam Access
File Management
Process Management
Command Execution
Persistence Mechanism

IOC List (1 indicator)

IOC — DarkComet

Type      Value                                                              Note
filepath  b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6   PDB

C2 Servers (1 recorded server for this family)

Address            Type    Port  Protocol  Status    Country
dkcomet.dedyn.io   domain  1604  TCP       inactive  DE

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags: DarkComet, exe