General
Target: dekont.exe
Size: 249KB
Sample: 230329-q54qdaab8w
MD5: c7d4b47decd58498f00c62638568d1ed
SHA1: 07fd7929bdd4b63ab0b1f02e0c252a2ac92cc038
SHA256: 038e05caf82ae977e5131e299da144e0eb8e0e2a9706f0465607ac8c7c725012
SHA512: 8b829c1d72e87fc7fc7f7b3c2fe88abd678302c93d465e5c73f6b18c283f7756878558ba22008caab2602cdff03408b398821189b3fd2f63a1c1bb0a27a0b018
SSDEEP: 6144:PYa6+f5UG5BcBkPiy88DlUDopV81yK+O7ioP9189yGPu9uvIvp:PYAhR2b8DF81OOJL89yGIuvIB

Static task: static1
Behavioral task: behavioral1
Sample: dekont.exe
Resource: win7-20230220-en
Malware Config
Extracted: formbook 4.1 k04s
Targets
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext