DarkComet RAT explained

It is dark and it strikes like a comet

The DarkComet RAT provides various “Spy Functions” which allow the operator to operate the following services on the infected device:

  • Webcam capture
  • Sound capture
  • Remote desktop
  • Keylogger

Security researchers and malware analysts use DarkComet YARA rules and other types of identification techniques to identify DarkComet RATs before they can do any actual damage.

Did you know that the DarkComet RAT creates a static mutex on infected devices? This mutex is an indicator of compromise, and it is one of the many identifying points that security researchers use to identify the DarkComet RAT on infected devices.
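Because the mutex name is static, a host can be checked by trying to open that exact name, with no handle enumeration needed. The following PowerShell is an added example, not code from the original article: the function name `Test-NamedMutex` is hypothetical, and the indicator name is a placeholder to be replaced with the mutex name from your own threat intelligence.

```powershell
# Added example: probe for a named mutex used as an indicator of compromise.
# PLACEHOLDER_STATIC_MUTEX_NAME is a placeholder, not a value from this page.
$IndicatorMutexNames = @('PLACEHOLDER_STATIC_MUTEX_NAME')

function Test-NamedMutex {
    param([Parameter(Mandatory)][string]$Name)

    # A named mutex lives either in the global namespace or in the
    # namespace of one logon session, so probe both prefixes.
    # 'Local\' only covers the session this script runs in.
    foreach ($prefix in 'Global\', 'Local\') {
        $fullName = $prefix + $Name
        try {
            # OpenExisting only opens a handle; it never acquires the mutex.
            $handle = [System.Threading.Mutex]::OpenExisting($fullName)
            $handle.Close()
            [pscustomobject]@{ Name = $fullName; Present = $true; Note = 'opened' }
        }
        catch [System.Threading.WaitHandleCannotBeOpenedException] {
            # No mutex with this name exists in this namespace.
            [pscustomobject]@{ Name = $fullName; Present = $false; Note = 'not found' }
        }
        catch [System.UnauthorizedAccessException] {
            # The object exists but its ACL denies access: still a hit.
            [pscustomobject]@{ Name = $fullName; Present = $true; Note = 'exists, access denied' }
        }
    }
}

# Report only the names that are present on this host.
$IndicatorMutexNames |
    ForEach-Object { Test-NamedMutex -Name $_ } |
    Where-Object Present
```

A hit means some process on the host holds a mutex with that name; confirm which process owns it before treating the host as infected.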

If you are interested in taking a closer look at the DarkComet RAT, I strongly urge you to look up the following MD5 values on VirusTotal and Google. The MD5 values below will help you to find DarkComet RAT samples on the internet which you can use for analysis.
