General
-
Target
DEKONT.exe
-
Size
338KB
-
Sample
210624-8vqyhvgdz2
-
MD5
24676c7286358c4db1b693c07032b737
-
SHA1
bb0377a8fdd9b8a7b16d4932f76d5c6dd2cb193d
-
SHA256
08bb58c8a18dae95ca3131728861a226549301b13e23d7adff0ac5d94e75129a
-
SHA512
0e625ad092ccc6b10ad49061ae69f0ea92eeb70511f8dea22f6058d91fc0ac0c3d5f3dac1a91f13d6e1275b955fdf16ba7a9a42013208dd1b7e8199c8e3f7a8c
Static task
static1
Behavioral task
behavioral1
Sample
DEKONT.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
DEKONT.exe
Resource
win10v20210410
Malware Config
Extracted
azorult
http://smkn1cilegon.sch.id/huPI/index.php
Targets
-
-
Target
DEKONT.exe
-
Size
338KB
-
MD5
24676c7286358c4db1b693c07032b737
-
SHA1
bb0377a8fdd9b8a7b16d4932f76d5c6dd2cb193d
-
SHA256
08bb58c8a18dae95ca3131728861a226549301b13e23d7adff0ac5d94e75129a
-
SHA512
0e625ad092ccc6b10ad49061ae69f0ea92eeb70511f8dea22f6058d91fc0ac0c3d5f3dac1a91f13d6e1275b955fdf16ba7a9a42013208dd1b7e8199c8e3f7a8c
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-