General
-
Target
Dekont.PDF.exe
-
Size
1.3MB
-
Sample
221018-ndpq2afef4
-
MD5
dd351940dad3168f60d1b3d7cd10347b
-
SHA1
9cf4ff25559de1a6cbaeac06123abf04c2ec12b0
-
SHA256
33f6177e2d98b8b7a93daed5f05883a111f706ed3bcba925c9740c4feac6111e
-
SHA512
1cd9340b1ca9e5c460f69cda5410daa0a8791505b0367a0794b7f2f8fcd2a822d13574c0313fd1997525208a3af2a4e3a9a391d006e2576de13bd3792a78c8fa
-
SSDEEP
24576:hExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNusswO7Sayb:ualphF78zLyc/YFdj
Static task
static1
Behavioral task
behavioral1
Sample
Dekont.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Dekont.PDF.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579
Targets
-
-
Target
Dekont.PDF.exe
-
Size
1.3MB
-
MD5
dd351940dad3168f60d1b3d7cd10347b
-
SHA1
9cf4ff25559de1a6cbaeac06123abf04c2ec12b0
-
SHA256
33f6177e2d98b8b7a93daed5f05883a111f706ed3bcba925c9740c4feac6111e
-
SHA512
1cd9340b1ca9e5c460f69cda5410daa0a8791505b0367a0794b7f2f8fcd2a822d13574c0313fd1997525208a3af2a4e3a9a391d006e2576de13bd3792a78c8fa
-
SSDEEP
24576:hExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNusswO7Sayb:ualphF78zLyc/YFdj
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-