General
Target: Dekont.exe
Size: 719KB
Sample: 230622-gvwscacg97
MD5: 6600a72fd5d02c1320c5089d07b3353b
SHA1: 68aaa5b59742f4ab6e916475ef0774c584efba75
SHA256: 8bc44267a36df18fcd02676cabaab5a82156ceca8abfd373192707a3b554f38a
SHA512: 4f5e98eff2a46fc608125b1f7daf6cae9cea69a4406ceec39802297b6d783d07c05c98e70cb7fcab2c8188205b7b26c84e74ad463ce7a3dc0e29962daa6f0961
SSDEEP: 12288:gMwR5LgTASPyjenGXtxZ162EVShywiWtkI7T9B68NSOV+BYiTgRUKNMCW/3K:gMwR5LgTASPi5d1hyqGI7xBHNSRBYict
Static task: static1
Behavioral task: behavioral1
  Sample: Dekont.exe
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: Dekont.exe
  Resource: win10v2004-20230621-en
Malware Config
Extracted: azorult
http://kngppdp.shop/Dbl3/index.php
Targets
Target: Dekont.exe
Size: 719KB
MD5: 6600a72fd5d02c1320c5089d07b3353b
SHA1: 68aaa5b59742f4ab6e916475ef0774c584efba75
SHA256: 8bc44267a36df18fcd02676cabaab5a82156ceca8abfd373192707a3b554f38a
SHA512: 4f5e98eff2a46fc608125b1f7daf6cae9cea69a4406ceec39802297b6d783d07c05c98e70cb7fcab2c8188205b7b26c84e74ad463ce7a3dc0e29962daa6f0961
SSDEEP: 12288:gMwR5LgTASPyjenGXtxZ162EVShywiWtkI7T9B68NSOV+BYiTgRUKNMCW/3K:gMwR5LgTASPi5d1hyqGI7xBHNSRBYict
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext