
DarkComet RAT 5.3.1

Family Name: DarkComet RAT
Main Classification: Remote Access
Release Version: 5.3.1
Author: DarkCoderSc
Origin: France 🇫🇷
Affiliation: OpenSc.Ws
Languages: Delphi, Assembly
Default Port: 1604
Release Date: Jun, 2012 (13 years, 10 months ago)

Historical Events / Facts

2017
DarkComet and the Umbrage Project

Leaked CIA documents published by WikiLeaks revealed that the agency's secretive "Umbrage" team actively collected and studied widespread malware, including the DarkComet RAT.

2015
Kevin Mitnick's DarkComet Live Demonstrations

Renowned hacker and cybersecurity consultant Kevin Mitnick frequently utilized the DarkComet RAT to conduct live hacking demonstrations during his security conferences, and was even willing to purchase the project's source code for his professional needs. One of his most notable public showcases took place at the CeBIT 2015 technology trade fair, where he used the tool to actively demonstrate real-world cyber threats to the audience.

2012
The RAT Weaponized Against Syrian Activists

The Syrian government weaponized DarkComet to bypass encrypted communications and surveil activists during the civil war. DarkComet was distributed through malicious Skype messages disguised with a fake Facebook icon, secretly installing itself to monitor citizens and reportedly leading to widespread arrests. Upon discovering his tool was being exploited by the Assad regime for state-sponsored espionage, DarkComet's creator immediately and permanently halted the project's development.


Distributed Applications

Spoofer.exe

Celesty.exe

DarkComet.exe


Key Features

Feature Name | Dangerousness | Key Categories
Clipboard Manager | High | Exfiltration, Credentials
Denial Of Service / DDoS | High | Disruption, Alteration
Destructive Operations | High | Disruption, Alteration
File Manager | High | File System, Alteration, Disruption, Exfiltration
Keylogger | High | Spy / Surveillance, Credentials
Network Manager | High | Disruption, Eavesdropping, Exfiltration, Credentials, Lateral Movements
Password Recovery | High | Lateral Movements, Privilege Escalation, Credentials
Registry Manager | High | Disruption, Exfiltration, Credentials, System Management, Alteration
Remote Desktop / Screen Capture | High | Assistance, Spy / Surveillance
Shell Access | High | Lateral Movements, System Management, Privilege Escalation
System Information Gathering | High | Lateral Movements, Spy / Surveillance, Privilege Escalation
Voice Recorder | High | Spy / Surveillance
Webcam Capture | High | Spy / Surveillance
Process Manager | Medium | System Management, Disruption
Services Manager | Medium | Disruption, Assistance, Privilege Escalation
Fun / Troll Functions | Low | Disruption, Alteration
