General
Target: İsrabok.rar
Size: 287KB
Sample: 240316-sa5ejadc7t
MD5: ed8e565537a3dac2a20df0e693dc0497
SHA1: 89542d1ee7f6e84d9d902fad4eb07c76c66d0c68
SHA256: ede2bc7e3b42f474384fdf49c38c91bafff7de2820a51abbe78ac5cc9b8852a6
SHA512: b2f979d0e7bfb736e68124668772be5d6ad1e828da3cdc6ac0405a3258a04d80f30f9102550311e12c71c3891ff8758b99dbedf8f2fd04adcf8aee8d60432030
SSDEEP: 6144:0sLNWiQdMhXQJDx6UKcBlogU8dWZ3Hb8FGqh8FimYWqSP8:jLNtQ4XQJd6bcTxQFYFGhYW4

Malware Config
Extracted: darkcomet
Guest16
6.tcp.eu.ngrok.io:12633
DC_MUTEX-CMZ8PA7
gencode: B5x3C3ZaFyH2
install: false
offline_keylogger: true
persistence: false

Targets
Target: israbokchat.exe
Size: 756KB
MD5: da12c6ff5cd8c76ea98749f8cecca7e0
SHA1: 320f3efb2d9e2f40a2f572600b594f6d0d962ca9
SHA256: 11ac419df5e4ff7f40024c59c4eef2376b73ce230a74d76532e02794965798fc
SHA512: bc38df1580a168d0c4c83ce15aff98d86f0a96f26ebc12eb1d966ec8370ecdf17786f7c98fbd3496a91c8e33b09070975d667ed55c60d3e3a3c91f9f4570ecfd
SSDEEP: 12288:v9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9KlKebJR:ZZ1xuVVjfFoynPaVBUR8f+kN10EBPhO

- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext