DarkComet RAT sample – DC_MUTEX-ZR8S2L3 and DCPERSFWBP

Are you searching for DarkComet RAT samples and mutexes?! Then stop your search and take a look at the “771d517a868c3564c06ad7b9a143ff74” RAT example which has been identified by us on “ 30-Sep-14”. 

The DarkComet RAT is often used by script kiddies and cyber criminals to control multiple infected computers at once via a DarkComet RAT graphical user interface.

The DarkComet RAT allows the operator to fully control an infected computer. This is the information which we were able to collect from the “771d517a868c3564c06ad7b9a143ff74 DarkComet RAT sample.

DarkComet RAT information which was identified on 30-Sep-14

MD5

 771d517a868c3564c06ad7b9a143ff74

SHA256

 1229dd2084a39eb480765eea115d36be142558deeb3e539e55025ac8a30a6013

FILESIZE

 774144

FILETYPE

 PE32 executable (GUI) Intel 80386, for MS Windows

DC-MUTEX

 DC_MUTEX-ZR8S2L3 and DCPERSFWBP

DOMAIN

 hacker-120.no-ip.org

IP

 197.203.171.6

DARKCOMET RAT

DarkComet RAT capabilities

The capabilities of DarkComet RAT allow the operator to start the following functions on the infected device (not a full list):

  • Microphone
  • Webcam
  • Visit website
  • Navigate through folder

Additional notes

This sample creates two mutexes

virustotal scan

SCAN WITH VIRUSTOTAL

https://www.virustotal.com/en/url/submission/?force=1&url=hacker-120.no-ip.org