General
-
Target
Dekont.PDF.exe
-
Size
1.3MB
-
Sample
221018-jm4t4afaa7
-
MD5
8feabe088c948dc8f387c098e6840ed4
-
SHA1
52522a7e7bae6061fc3b32ec3a25af902f164af8
-
SHA256
8908acf28585acbad787f5b1fc7b53b99ca8fb7d03ef05cdb6cd436102fd82cc
-
SHA512
593af500334afd603b4ab82d315362123000a078772a5f1f5dd5eb29aae39606eb87ef96cb9915bb243365c851de54646ffd81eff666b4277144184c008bef01
-
SSDEEP
24576:br3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussBq5fr+:0qhrk1QmY9OrXS76Fdj
Static task
static1
Behavioral task
behavioral1
Sample
Dekont.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Dekont.PDF.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579
Targets
-
-
Target
Dekont.PDF.exe
-
Size
1.3MB
-
MD5
8feabe088c948dc8f387c098e6840ed4
-
SHA1
52522a7e7bae6061fc3b32ec3a25af902f164af8
-
SHA256
8908acf28585acbad787f5b1fc7b53b99ca8fb7d03ef05cdb6cd436102fd82cc
-
SHA512
593af500334afd603b4ab82d315362123000a078772a5f1f5dd5eb29aae39606eb87ef96cb9915bb243365c851de54646ffd81eff666b4277144184c008bef01
-
SSDEEP
24576:br3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussBq5fr+:0qhrk1QmY9OrXS76Fdj
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-