Resubmissions
18-11-2022 14:52
221118-r85mhshf55 108-11-2022 14:30
221108-rvcpkscaa3 807-11-2022 15:52
221107-tbh4csefh4 807-11-2022 10:35
221107-mm5m6secgn 106-11-2022 13:08
221106-qdjk5aehgj 905-11-2022 20:23
221105-y589vsbhcj 805-11-2022 16:11
221105-tm8s6aaggj 1005-11-2022 07:34
221105-jd7jmaggal 804-11-2022 20:40
221104-zgabascfgq 8General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family
darkcomet
Botnet
Guest16
C2
gameservice.ddns.net:4320
Mutex
DC_MUTEX-WBUNVXD
Attributes
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Targets
-
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext