DarkComet Malware Analizi
Dosya Ozellikleri
SHA256: f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30
MD5: 8e6fb813fdbfb1b6815c8f7c47a5ac13
Dosya Tipi: exe
Boyut: 1,832,448 byte
Ilk Gorulme: 2021-09-23
AV Imzasi: DarkComet
Imphash: e76c6ebb259337a0f26e3cdd8f85ac5b
Raporlayan: JAMESWT_WT
Etiketler: DarkComet, exe
Statik analiz: metadata tabanli (ornek indirilmedi)
DarkComet — Malware Profile
DarkComet RAT Delphi tabanlı. Facebook.exe sosyal medya gizleme. IAMStreamConfig4 DirectShow webcam/mikrofon. MSConfig startup kalıcılık.
Technical Details
Delphi, TCP custom protocol, keylogger (KEYLOGGER_PASSIVE/ACTIVE), screen capture, webcam/microphone, file manager, registry editor, remote shell, FTP-like file transfer
Capabilities & Behavior
IOC List (1 indicators)
# FILEPATH
f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30
| Type | Value | Note |
|---|---|---|
| filepath | f9b5b222b0911d095cdae3ae34c5c3f647ff0c08b40246fcabd3e7a03abcbb30 | PDB |
C2 Servers (1 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| dkcomet.dedyn.io | domain | 1604 | TCP | inactive | DE |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.