General
- Target: Dekont.exe
- Size: 580KB
- Sample: 231122-rpjwpsda68
- MD5: d8b05157b3b2358b828ddf6a8c6ffb48
- SHA1: 719820b9e180b0424aed7c99539ddc1a6c06eedf
- SHA256: a2a6c37a9c06dd99e8b897fa89981cdfc0517469fdc49d6f4be416669c4e6fb1
- SHA512: 2d2e18ab96fc2e6c7558843be53ad5b1dcf033021da1e46c0dc2b7df0938bdfc557dd8d606878142e2da23ecd0b1e24b9eced5b6e38fbfed45b7256a5e03787d
- SSDEEP: 12288:/q8oUlQ9c6U0bR6zcVFnAr96sVrPn7zkt+rGEbma9B1S:FQfhRFGAslnPxXma9B1S
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Dekont.exe
  - Resource: win7-20231020-en
Behavioral task
- behavioral2
  - Sample: Dekont.exe
  - Resource: win10v2004-20231025-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.belt-tech.com.my
- Port: 587
- Username: [email protected]
- Password: Beltechpg@1234
- Email To: [email protected]
Targets
- Target: Dekont.exe
- Size: 580KB
- MD5: d8b05157b3b2358b828ddf6a8c6ffb48
- SHA1: 719820b9e180b0424aed7c99539ddc1a6c06eedf
- SHA256: a2a6c37a9c06dd99e8b897fa89981cdfc0517469fdc49d6f4be416669c4e6fb1
- SHA512: 2d2e18ab96fc2e6c7558843be53ad5b1dcf033021da1e46c0dc2b7df0938bdfc557dd8d606878142e2da23ecd0b1e24b9eced5b6e38fbfed45b7256a5e03787d
- SSDEEP: 12288:/q8oUlQ9c6U0bR6zcVFnAr96sVrPn7zkt+rGEbma9B1S:FQfhRFGAslnPxXma9B1S
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext