General
Static task
static1
URLScan task
urlscan1
Sample
https://youtube.com
Malware Config
Extracted
Family
darkcomet
Botnet
Guest16
C2
gameservice.ddns.net:4320
Mutex
DC_MUTEX-WBUNVXD
Attributes
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Targets
-
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext