DarkComet RAT Analysis Part 1: Setup and AV Evasion
How to roll your own malware and evade AV
In this first of a 3-part video series and blog post, we show how a standard crimeware SDK like DarkComet can be used to build a custom RAT (or “Remote Administration Tool”) that easily evades standard AV yet provides total control of a target machine. DarkComet shot to fame (or infamy) as the tool of choice for Syrian government supporters to spy on the opposition movement. It’s a go-to tool for less technical hackers because, as we show in the video, its simple UI makes rolling your own malware a breeze even for a beginner. Better yet, DarkComet has extensive options for customizing the functionality and minimising the chances of blocking or detection by AV and other signature-based security solutions. In the example here we show the complete hack cycle from creation of the malware dropper through compromise to retrieving any requested data from the target machine and network.
Bookmark our YouTube channel or add our blog to your RSS feed to get our subsequent posts where we’ll show ECAT detection and analysis.




Silicium Security has been acquired by EMC and is now part of RSA, The Security Division of EMC.