General
-
Target
dekont.exe
-
Size
269KB
-
Sample
220414-ggxgqaggf8
-
MD5
1218da9d299571a80c774838d2a55516
-
SHA1
1bce59e7afb303e0c170cb8f6fdb5a1806e41eda
-
SHA256
50a9cc4decaf32975996710740956b5a9c4985c50ded5a2bb8611945263af65a
-
SHA512
96fef1449441f526e05a1c514d4cb464bbaa2156e8c2e1c84563ac8eb22ee132c2e3593bd09e0516ba171879b4c52d71ddf064abb9dc2a7c1e23f54ecb930895
Static task
static1
Behavioral task
behavioral1
Sample
dekont.exe
Resource
win7-20220310-en
Malware Config
Extracted
xloader
2.5
cbgo
santesha.com
britneysbeautybar.com
sh-cy17.com
jeffcarveragency.com
3117111.com
sobrehosting.net
ddm123.xyz
toxcompliance.com
auditorydesigns.com
vliftfacial.com
ielhii.com
naameliss.com
ritualchariot.com
solchange.com
quatre-vingts.design
lawnmowermashine.com
braceletsstore.net
admappy.com
tollivercoltd.com
vaidix.com
rodrigomartinsadv.com
bouncingskull.com
hamiltonhellerrealestate.com
dream-kidz.com
growupnotgrowold.com
clanginandbangin.com
cornerstone-constructions.com
mcdonalds-delivery.xyz
omnikro.com
nca-group.com
hughers3.com
move-mobius.com
shrivs.com
hoshikuzu-hegemony.com
zpwx17.online
masoncable.com
butecreditunion.com
creativefolksnetwork.xyz
lejanet.com
tacticalslings.club
bestprodutos.com
quirkysoul39.com
sdettest.com
aomendc.xyz
lorticepttoyof6.xyz
nonvaxrnpositions.com
maintainaviation.com
kubanitka.com
fractalmerch.xyz
elbowguru.com
nikiyang.com
cialisactivesupers.com
bestofrochester.info
ynov-rennes.com
saiden8164.com
ffuster.com
papierle.com
dobsonfryedentist.com
rufisquoisedetransit.com
compassionatecuddling.com
kimlady.com
mashinchand.com
semicivilization.com
milamixecommerce.com
ambassadorandceoclub.com
Targets
-
-
Target
dekont.exe
-
Size
269KB
-
MD5
1218da9d299571a80c774838d2a55516
-
SHA1
1bce59e7afb303e0c170cb8f6fdb5a1806e41eda
-
SHA256
50a9cc4decaf32975996710740956b5a9c4985c50ded5a2bb8611945263af65a
-
SHA512
96fef1449441f526e05a1c514d4cb464bbaa2156e8c2e1c84563ac8eb22ee132c2e3593bd09e0516ba171879b4c52d71ddf064abb9dc2a7c1e23f54ecb930895
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-