DarkComet Malware Analizi
Dosya Ozellikleri
SHA256: e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233
MD5: 800b9d7f3a47c5a18da78cb6a54f90be
Dosya Tipi: exe
Boyut: 909,312 byte
Ilk Gorulme: 2021-02-23
AV Imzasi: DarkComet
Imphash: d9b63245519b223a1f7026d72643602b
Raporlayan: abuse_ch
Etiketler: DarkComet, exe, nVpn, RAT
Statik analiz: metadata tabanli (ornek indirilmedi)
DarkComet — Malware Profile
DarkComet RAT Delphi tabanlı. Facebook.exe sosyal medya gizleme. IAMStreamConfig4 DirectShow webcam/mikrofon. MSConfig startup kalıcılık.
Technical Details
Delphi, TCP custom protocol, keylogger (KEYLOGGER_PASSIVE/ACTIVE), screen capture, webcam/microphone, file manager, registry editor, remote shell, FTP-like file transfer
Capabilities & Behavior
IOC List (1 indicators)
# FILEPATH
e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233
| Type | Value | Note |
|---|---|---|
| filepath | e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233 | PDB |
C2 Servers (1 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| dkcomet.dedyn.io | domain | 1604 | TCP | inactive | DE |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.