DarkComet Malware Analysis

File Properties

SHA256: f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30

MD5: 8e6fb813fdbfb1b6815c8f7c47a5ac13

File Type: exe

Size: 1,832,448 bytes

First Seen: 2021-09-23

AV Signature: DarkComet

Imphash: e76c6ebb259337a0f26e3cdd8f85ac5b

Reporter: JAMESWT_WT

Tags: DarkComet, exe

Static analysis: metadata-based (sample not downloaded)

DarkComet — Malware Profile

The DarkComet RAT is written in Delphi. It masquerades as Facebook.exe to blend in as a social-media application. It uses the IAMStreamConfig4 DirectShow interface for webcam and microphone capture, and it persists through an MSConfig startup entry.

Malware Type
RAT
Programming Language
Delphi
C2 Protocol
TCP
Target Systems
Windows

Technical Details

Delphi, TCP custom protocol, keylogger (KEYLOGGER_PASSIVE/ACTIVE), screen capture, webcam/microphone, file manager, registry editor, remote shell, FTP-like file transfer

Capabilities & Behavior

Remote Access & Control
Keylogger
Screen Capture
Webcam Access
File Management
Process Management
Command Execution
Persistence Mechanism

IOC List (1 indicator)

IOC — DarkComet
# FILEPATH f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30
Type      Value                                                              Note
filepath f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30 PDB

C2 Servers (1 recorded server for this family)

Address Type Port Protocol Status Country
dkcomet.dedyn.io domain 1604 TCP inactive DE

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
DarkComet, exe