General
Static task: static1
URLScan task: urlscan1

Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2:
- 6.tcp.us-cal-1.ngrok.io:12638
- 127.0.0.1:1337
Mutex: DC_MUTEX-RSWN5YL
Attributes:
- gencode: 7gEewe3dp4fF
- install: false
- offline_keylogger: true
- persistence: false

Targets
Target: https://filebin.net/iupwjvd2xjkgmhs2/prebuiltvm.rar
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2