DarkComet RAT explained

It is dark and it strikes like a comet

The DarkComet Remote Administration Tool is a project that was disbanded by its main developer, but the hacking community has taken the DarkComet RAT and modified it in such a manner that it now provides services to thousands of hackers and cybercriminals around the globe.


DarkComet

The DarkComet Remote Administration Tool is a typical RAT. It allows the operator to create a malicious executable which needs to be run on the victim's device. The RAT also allows the operator to perform various tasks via an easy-to-use graphical user interface.

But the most important part of the DarkComet RAT is that it is very dynamic and very user-friendly, meaning that hackers of all ages will be able to operate it.

The DarkComet RAT holds various “Spy Functions” which allow the operator to run the following services on the infected device:

  • Webcam capture
  • Sound capture
  • Remote desktop
  • Keylogger

Security researchers and malware analysts use DarkComet YARA rules and other types of identification techniques to identify DarkComet RATs before they can do any actual damage.

Did you know that the DarkComet RAT creates a static mutex on infected devices? This mutex is an indicator of compromise and it is one of the many identifying points that security researchers use to identify the DarkComet RAT on infected devices.
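Checking a collected handle inventory for a known static mutex name, as an added example that is not part of the original article. The mutex pattern, the `pid|image|object path` layout and the sample lines are constructed placeholders, since the article does not give the mutex name.

```python
import fnmatch

# Placeholder pattern: the article does not name the mutex, so this is a
# stand-in. Substitute the value from your own threat-intel source.
MUTEX_IOCS = ["EXAMPLE_RAT_MUTEX-*"]

# Constructed sample, one named-mutex handle per line: "pid|image|object path".
# The layout is hypothetical; adapt parse_line() to your collector's export.
SAMPLE = r"""
612|svchost.exe|\BaseNamedObjects\Global\ServiceReady
4312|explorer.exe|\Sessions\1\BaseNamedObjects\ShellIconCache
5120|updater.exe|\Sessions\1\BaseNamedObjects\EXAMPLE_RAT_MUTEX-A1B2C3
5120|updater.exe|\Sessions\1\BaseNamedObjects\Local\SessionLock
6004|notes.exe|\Sessions\1\BaseNamedObjects\example_rat_mutex-zzz
truncated line without separators
"""


def parse_line(line):
    """Return (pid, image, object_path), or None for a malformed line."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]


def leaf_name(object_path):
    # Drop the object-namespace prefix (session directory, BaseNamedObjects,
    # Global/Local) and keep the name the program passed to CreateMutex.
    return object_path.rsplit("\\", 1)[-1]


def find_mutex_hits(listing, patterns=MUTEX_IOCS):
    """Map pid -> (image, [matching mutex names]) for every IoC match."""
    hits = {}
    for line in listing.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or damaged lines instead of aborting the scan
        pid, image, path = rec
        name = leaf_name(path)
        # Win32 mutex name comparison is case sensitive, so match exactly.
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            hits.setdefault(pid, (image, []))[1].append(name)
    return hits


if __name__ == "__main__":
    for pid, (image, names) in find_mutex_hits(SAMPLE).items():
        print(f"pid {pid} ({image}): {', '.join(names)}")
```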

If you are interested in taking a closer look at the DarkComet RAT, I strongly urge you to look up the following MD5 values on VirusTotal and Google. The MD5 values below will help you to find DarkComet RAT samples on the internet which you can use for analysis.

Founder of Cyberwarzone.com.