What does RAT stand for?
How does the RAT program work?
A RAT consists of two parts: a client and a server. The RAT program itself (the client) runs on the attacker's computer and is used to build a server program, which is sent to the victim. After the victim runs it, a remote computer (host) appears in the client's program window, and the attacker can connect to it remotely. From this moment on, the victim's computer is under the complete control of the intruder.
Configuring Dark Comet: prepare the server module
We follow this path:
[Image: expert mode settings]
Clicking it opens the settings window of the module that will run on the victim's side. The third quadrant (so to speak) of the program window contains the settings that the administrator must change in stages:
[Image: Dark Comet settings]
- Main Settings – basic settings
- Network Settings – network settings
- Module Startup – module startup
- Install Message – message after successful installation
- Module Shield – module protection
- Keylogger – keystroke interceptor
- Hosts File – hosts configuration file
- Add plugins – add plugins
- File Binder – file binder (the trojan can be attached to another file)
- Choose Icon – choose the icon
- Stub Finalization – finalization
In the network settings we select the IP address to which the information will be sent and the port number. With the ADD button you can add multiple IP addresses. It is a hell of a useful setting, but do not overuse it: outgoing traffic to a bunch of addresses is a noticeable operation even for an amateur victim. When testing the program, however, it is an invaluable setting. We will return to it with specific examples.
As for the port number: the default one is discarded immediately, and a port in the range up to 1000 is selected instead. This port must be open for incoming connections, first of all on your own computer, so the chosen port also needs to be forwarded.
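The observation above, that one module calling out to several addresses on an unusual low port stands out, can be turned into a detection rule. The following is an added example, not part of the original article: the flow records, host names, process paths and the list of expected ports are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED_PORTS = {53, 80, 123, 443}  # assumption: tune to your environment
LOW_PORT_MAX = 1000                  # the "range up to 1000" described above

# Constructed flow records: (host, process image, destination IP, destination port)
SAMPLE_FLOWS = [
    ("ws-014", r"C:\Program Files\Mozilla Firefox\firefox.exe", "198.51.100.10", 443),
    ("ws-014", r"C:\Users\anna\Documents\upd\winupd.exe", "203.0.113.5", 777),
    ("ws-014", r"C:\Users\anna\Documents\upd\winupd.exe", "203.0.113.77", 777),
    ("ws-014", r"C:\Users\anna\Documents\upd\winupd.exe", "192.0.2.40", 777),
    ("ws-020", r"C:\Windows\System32\svchost.exe", "10.0.0.5", 445),
    ("ws-020", r"C:\Program Files\Mail\client.exe", "198.51.100.25", 993),
]

def is_external(ip):
    """True when the address is outside the internal ranges defined above."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def suspicious_low_port_talkers(flows, min_destinations=2):
    """Return (host, process, port, destinations) for processes that reach
    several external addresses on one unexpected low port."""
    seen = defaultdict(set)
    for host, image, dst_ip, dst_port in flows:
        if (dst_port <= LOW_PORT_MAX and dst_port not in EXPECTED_PORTS
                and is_external(dst_ip)):
            seen[(host, image, dst_port)].add(dst_ip)
    return sorted(
        (host, image, port, sorted(dsts))
        for (host, image, port), dsts in seen.items()
        if len(dsts) >= min_destinations
    )

if __name__ == "__main__":
    for hit in suspicious_low_port_talkers(SAMPLE_FLOWS):
        print(hit)
```

Lowering `min_destinations` to 1 also surfaces single-destination talkers such as the mail client in the sample, which is why an allowlist per process is worth maintaining.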
These are the Documents folder, the Desktop, the Windows folder, cookies, etc. If you are just practicing, the name (Install Name) and the location of the file do not matter. If the attack is being prepared more carefully, the hacker will hide the Trojan a little deeper in a folder and give it a name familiar to any user, so as not to arouse suspicion:
[Image: how to hide the Dark Comet]
I repeat, this is the most “tasty” window in which you can select the following Trojan parameters:
- Melt file after first execution – after launch, the file disappears from the victim's sight
- Change the creation date – the file's creation date in its properties will be whatever you set; the most important point in distracting the opponent
- Persistence Installation option – forced installation; a mandatory option for a hacker
Finally, the lower part of the settings window: Installed module file attributes sets the two most important attributes, Hidden and System, for the file itself and for its parent folder.
Install Message window – here you can attach a message that will be shown in the program window after the program is installed, if everything went as it should:
[Image: a message from the Dark Comet]
The Module Shield section is also very important for a hacker. This window allows you to sequentially:
[Image: protection of the Dark Comet module]
This window allows you to intercept characters typed on the keyboard and then send the logs to the specified address. Please note that the field for selecting the FTP path can be omitted:
[Image: Dark Comet keylogger]
The Hosts File settings allow you to replace the hosts file of the same name.
This is a serious capability: a hacker can send a victim only to specific sites or, conversely, prohibit visits to others, or even cut the victim off from the Internet completely.
Let us skip the Add plugins and File Binder sections for now. I promise to return to them, because they extend the Trojan and attach it to the desired file; for now, only the Dark Comet configuration is treated as the Trojan's body. We also deliberately skip the icons offered in Choose Icon: they are antediluvian and catch the eye.
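A replaced hosts file is easy to audit, because every active line is an explicit name-to-address override. The following added example (not from the original article) parses hosts file text and reports each non-default mapping as blocked or redirected; the sample content and domain names are constructed.

```python
from ipaddress import ip_address

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed hosts file content for the demonstration
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real system
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example
127.0.0.1       www.bank.example portal.bank.example
203.0.113.9     login.mail.example   # inline comment
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, hostname, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[1], "unparseable address"))
            continue
        for name in fields[1:]:  # one line may map several names
            if name.lower() in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                verdict = "blocked (points at a local address)"
            else:
                verdict = "redirected to " + str(addr)
            findings.append((line_no, name.lower(), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```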
Stub Finalization completes the Trojan module settings. It offers a choice of the form in which the Trojan is executed:
- .exe – the trojan will be presented as a small utility
- .com – in the form of a DOS utility (without an icon anywhere)
- .bat – batch file (no icon anywhere)
- .pif – DOS utility shortcut (very conspicuous on modern versions)
- .scr – as a screen saver
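The install options described earlier (Hidden and System attributes, a changed creation date) and the output formats listed above leave traces that can be checked together during triage. This added example, which is not part of the original article, runs over constructed records shaped like rows exported from an MFT parser; the paths, timestamps and record layout are assumptions.

```python
from datetime import datetime
from pathlib import PureWindowsPath

STUB_EXTENSIONS = {".exe", ".com", ".bat", ".pif", ".scr"}  # output formats listed above
STEALTH_ATTRS = {"hidden", "system"}                        # attributes set at install time

# Constructed records, shaped like rows exported from an MFT parser:
# path, attribute flags, $STANDARD_INFORMATION created, $FILE_NAME created
SAMPLE_RECORDS = [
    (r"C:\Users\anna\Desktop\desktop.ini", {"hidden", "system", "archive"},
     "2023-03-01T09:00:00", "2023-03-01T09:00:00"),
    (r"C:\Users\anna\Documents\Reports\winupd.scr", {"hidden", "system"},
     "2016-07-16T11:42:00", "2024-05-20T14:03:11"),
    (r"C:\Users\anna\Downloads\setup.exe", {"archive"},
     "2024-05-18T10:00:00", "2024-05-18T10:00:00"),
    (r"C:\Users\anna\Documents\tool.bat", {"archive"},
     "2020-01-01T00:00:00", "2024-04-02T08:30:00"),
]

def triage(records):
    """Return {path: [reasons]} for executable-type files showing the stealth traits."""
    findings = {}
    for path, attrs, si_created, fn_created in records:
        if PureWindowsPath(path).suffix.lower() not in STUB_EXTENSIONS:
            continue  # e.g. desktop.ini is legitimately Hidden+System
        reasons = []
        if STEALTH_ATTRS <= attrs:
            reasons.append("hidden+system executable")
        # Timestamps set through the normal file API land in $STANDARD_INFORMATION;
        # $FILE_NAME is maintained by the file system, so a backdated creation
        # time stands out against it.
        if datetime.fromisoformat(si_created) < datetime.fromisoformat(fn_created):
            reasons.append("creation date predates $FILE_NAME record")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_RECORDS).items():
        print(path, reasons)
```

Tools that legitimately restore timestamps, such as archive extractors, can produce the same mismatch, so a single reason is a lead for review rather than proof.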
With the possibility of compression, everything is clear:
I still do not see much sense in these settings, although the file to which the Trojan will be glued may itself be small. So it is at your discretion. A link to the fake Trojan is under the picture at the top of the article.
There is also no need to create a patch: Dark Comet has not been updated for a long time (they say the creator has big problems with the creation of the program). It remains for us to save the profile for each of the settings. If these settings are not tailored by the hacker to a specific purpose but are tried, for example, as an option for many potential victims (according to the "who gets caught" principle), the hacker will try the Trojan in as many cases as possible and in different areas of the network.
The general Dark Comet setup is complete. Creation of the Trojan module starts when you click the bottom button, Build the stub. The process is displayed immediately in the window: