DarkComet Malware Analysis

File Properties

SHA256: e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233

MD5: 800b9d7f3a47c5a18da78cb6a54f90be

File Type: exe

Size: 909,312 bytes

First Seen: 2021-02-23

AV Signature: DarkComet

Imphash: d9b63245519b223a1f7026d72643602b

Reporter: abuse_ch

Tags: DarkComet, exe, nVpn, RAT

Static analysis: metadata-based (the sample was not downloaded)

DarkComet — Malware Profile

DarkComet RAT is written in Delphi. It is dropped under the name Facebook.exe to disguise itself as social-media software. It uses the DirectShow IAMStreamConfig4 interface for webcam and microphone capture, and it achieves persistence through an MSConfig startup entry.

Malware Type
RAT
Programming Language
Delphi
C2 Protocol
TCP
Target Systems
Windows

Technical Details

Delphi, TCP custom protocol, keylogger (KEYLOGGER_PASSIVE/ACTIVE), screen capture, webcam/microphone, file manager, registry editor, remote shell, FTP-like file transfer

Capabilities & Behavior

Remote Access & Control
Keylogger
Screen Capture
Webcam Access
File Management
Process Management
Command Execution
Persistence Mechanism

IOC List (1 indicator)

IOC — DarkComet
# FILEPATH e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233
Type     | Value                                                            | Note
filepath | e6edf54375a14314aa44db9fe8cdd48368338e7ed873f25ba2a6a5ff4381d233 | PDB

C2 Servers (1 server recorded for this family)

Address           | Type   | Port | Protocol | Status   | Country
dkcomet.dedyn.io  | domain | 1604 | TCP      | inactive | DE

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
DarkComet, exe, nVpn, RAT