General
-
Target
ffdbb34a0ac78d04de45eb0bff5f15a3
-
Size
1.2MB
-
Sample
221018-xyq92adfck
-
MD5
ffdbb34a0ac78d04de45eb0bff5f15a3
-
SHA1
4325462805e746134fe9ada22992e970927fd76c
-
SHA256
1b49edb66975cc308188fcf58a350d27a645e8ad754aff84541b8a82736bd005
-
SHA512
994215b895e40d2ee0ca703e379cf1d647a004f6dcd7bb59c24a36c1dff68cd98788b16bc4d978ce0d7c6effd51306133d272bfba8a3069bc4d9e6c45d73bfa1
-
SSDEEP
24576:zyw0jNxVrJkrN5YKo3OIjtuguWuW0blgLdFOPRU5yfIiqqcu2:zyxNPrKoD9T+jfTj8
Static task
static1
Behavioral task
behavioral1
Sample
Dekont.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Dekont.PDF.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579
Targets
-
-
Target
Dekont.PDF.exe
-
Size
1.3MB
-
MD5
dd351940dad3168f60d1b3d7cd10347b
-
SHA1
9cf4ff25559de1a6cbaeac06123abf04c2ec12b0
-
SHA256
33f6177e2d98b8b7a93daed5f05883a111f706ed3bcba925c9740c4feac6111e
-
SHA512
1cd9340b1ca9e5c460f69cda5410daa0a8791505b0367a0794b7f2f8fcd2a822d13574c0313fd1997525208a3af2a4e3a9a391d006e2576de13bd3792a78c8fa
-
SSDEEP
24576:hExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNusswO7Sayb:ualphF78zLyc/YFdj
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-