Forum Thread: Darkcomet Server Disassembly

Hey guys, I've one question. How can I see the configuration of a created Darkcomet server file so I can see which IP the server is accessing (the attacker's IP)?

2 Responses

I don't know how to get it via static analysis, but you can always set up a VM, sniff the traffic and run the server. You will get where it connects to.

Some RATs have hardcoded values, so if you can make another server yourself and compare the two files, you will get the custom config offset, but if your sample is packed or modified, that won't work. In any case, the first tip will likely get the attacker's IP for any kind of bot.
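
The build-comparison approach described in the reply above, as an added example that is not part of the original thread: it byte-diffs a reference build against a sample, refuses to report offsets when the two are not comparable (the packed or modified case), and pulls printable strings around each differing region. All function names are hypothetical, and the two "builds" are constructed stand-ins with a plaintext config and documentation addresses; a real sample may store its config encoded.

```python
import re

def diff_regions(a: bytes, b: bytes, merge_gap: int = 8):
    """Return (offset, length) runs where a and b differ; runs separated by
    fewer than merge_gap identical bytes are merged into one region."""
    regions = []
    for i in range(min(len(a), len(b))):
        if a[i] == b[i]:
            continue
        if regions and i - sum(regions[-1]) < merge_gap:
            regions[-1][1] = i - regions[-1][0] + 1
        else:
            regions.append([i, 1])
    return [tuple(r) for r in regions]

def comparable(a: bytes, b: bytes, max_diff_ratio: float = 0.05) -> bool:
    """False when sizes differ or too many bytes changed, as with a packed or
    modified sample; diff offsets are then not config offsets."""
    if len(a) != len(b):
        return False
    changed = sum(n for _, n in diff_regions(a, b, merge_gap=1))
    return changed <= len(a) * max_diff_ratio

def strings_near(data: bytes, offset: int, length: int,
                 context: int = 16, min_len: int = 4):
    """Printable ASCII strings in a region, widened by `context` bytes because
    the diff starts at the first changed byte, not at the field start."""
    window = data[max(0, offset - context):offset + length + context]
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, window)]

# Constructed sample data: identical filler around a fixed-size, NUL-padded
# config slot. Addresses are documentation ranges, not real indicators.
def fake_build(cfg: bytes) -> bytes:
    return b"\x90" * 512 + cfg.ljust(32, b"\x00") + b"\xcc" * 512

REFERENCE = fake_build(b"HOST=192.0.2.10;PORT=8080")  # build you made yourself
SAMPLE = fake_build(b"HOST=198.51.100.7;PORT=9090")   # stands in for the unknown file
PACKED = bytes(x ^ 0x5A for x in SAMPLE)              # stands in for a packed file

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("packed", PACKED)):
        if not comparable(REFERENCE, blob):
            print(f"{name}: not comparable (packed or modified?)")
            continue
        for off, n in diff_regions(REFERENCE, blob):
            print(f"{name}: 0x{off:x}+{n}", strings_near(blob, off, n))
```
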
