What is DarkComet RAT?

This malware allows hackers to remotely control the infected computer, granting them access to the camera and microphone. Consequently, DarkComet is utilized to monitor victims' activities, capture screenshots, perform key-logging, or steal sensitive information.

The malware has undergone several iterations, with DarkComet 5.7 still being accessible.

Cybercriminals employ various social engineering tactics to trick targets into downloading and executing the RAT. In some instances, attackers use DarkComet to deploy additional malicious software on the compromised machine. Moreover, hackers may incorporate the victim's machine into a botnet scheme, such as disseminating spam.
-------------------------------------------------------------
Execution process:

DarkComet follows a typical RAT execution process.

The infected system connects to the hacker's computer, granting the attacker full access. Attackers can exploit all the system's features: the infected machine is prepared to receive packets and execute commands.

Systems communicate via TCP to the designated DarkComet malware port on the selected IP/domain. Then, C&C traffic commences with RC4-256 encryption.

The execution process of DarkComet varies depending on the sample and version. The most straightforward execution involves just one process that carries out all activities in the infected system.

In some cases, malware may use system utilities to defend against evasion or persistence. For example, it may employ the T1564.001 technique: malware initiates attrib.exe through cmd.exe to hide the main executable. In the system process, iexplorer was injected with malicious code and subsequently provided the main malicious activity.
-------------------------------------------------------------
Feel free to use DarkComet RAT under a virtual environment as you need to disable all security on your machine, then it is safer.

Please note that you must set up your VM in bridge or physical interface instead of NAT in network settings.