General

Target: DEKONT.exe
Size: 3.5MB
Sample: 240403-nflr6ace21
MD5: ea35bed10f48763c125c105bf76c412e
SHA1: ff80d00915d76774fb8f4599da22dc10d4e071b3
SHA256: 95abf9af2641a81a79013a5b4db8b9b8dee2dfb370b12b0e97add77146dbcded
SHA512: 96b3940ae0f52da62bad14b288a9aa1cc08aaeb42730c9d4f6d8e6c413e3fc2aa5ac2d791acf9925157f7356e61bd01145f8d73f53503a3d9374c5b948ba0460
SSDEEP: 49152:Z8Vt9txR1lHWcpFA0IRzSde7rQQFXgFgFO5rV0Nr+knE73OoR2:ZUb3O/3UgS4
Static task: static1
Behavioral task: behavioral1 (Sample: DEKONT.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: DEKONT.exe, Resource: win10v2004-20240226-en)
Malware Config

Extracted: agenttesla
C2: https://api.telegram.org/bot6990608434:AAFDEYJZHv0Tb67P-nnKBU4QE1GBx5D_mqc/
The C2 is a Telegram Bot API base URL rather than an operator-owned server: the segment after "bot" is the bot token (numeric bot id, a colon, then the secret), and the sample delivers stolen data by calling methods under that URL. The network indicator to hunt for is therefore a non-browser process talking to api.telegram.org, and the bot id in the token identifies this operator's bot across other samples that reuse it.
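Added example, written for this page and not part of the sandbox report or of Agent Tesla itself: it splits the extracted Bot API URL into bot id, token and method, then runs the same matcher over constructed proxy log lines to flag Bot API traffic and mark which hits use the bot id from this config. The token layout in the regex (numeric id, colon, 35-character secret) is taken from Telegram's published bot tokens; the log format and the log lines are constructed for the example.

```python
import re

# Telegram bot token layout: numeric bot id, a colon, then a 35-character secret.
# (Assumed from Telegram's published bot tokens, not taken from the report.)
BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{8,12}):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>[A-Za-z]+))?",
    re.IGNORECASE,
)

# The C2 value exactly as the sandbox extracted it from DEKONT.exe.
EXTRACTED_C2 = "https://api.telegram.org/bot6990608434:AAFDEYJZHv0Tb67P-nnKBU4QE1GBx5D_mqc/"

# Constructed proxy log lines, tab-separated: time, source IP, process image, HTTP method, URL.
SAMPLE_LOG = [
    "2024-04-03T10:15:01Z\t10.0.0.12\tC:\\Users\\victim\\AppData\\Roaming\\DEKONT.exe\tPOST\t"
    "https://api.telegram.org/bot6990608434:AAFDEYJZHv0Tb67P-nnKBU4QE1GBx5D_mqc/sendDocument",
    "2024-04-03T10:15:03Z\t10.0.0.12\tC:\\Program Files\\Mozilla Firefox\\firefox.exe\tGET\t"
    "https://web.telegram.org/k/",
    # A different, constructed bot: legitimate internal alerting, same API, not this operator.
    "2024-04-03T10:16:40Z\t10.0.0.25\tC:\\Tools\\alerts.exe\tPOST\t"
    "https://api.telegram.org/bot1234567890:" + "A" * 35 + "/sendMessage",
]


def parse_bot_url(url):
    """Split a Telegram Bot API URL into bot id, full token and the API method
    (empty when the URL is just the base, as in the extracted config).
    Returns None when the string is not a Bot API URL."""
    m = BOT_URL_RE.search(url)
    if not m:
        return None
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method") or "",
    }


def find_telegram_exfil(log_lines, known_bot_ids=()):
    """Return one finding per request to a Telegram Bot API endpoint, tagging
    whether the bot id belongs to a known malicious config."""
    findings = []
    for line in log_lines:
        parts = line.split("\t")
        if len(parts) < 5:
            continue  # malformed line; skip rather than guess
        ts, src, image, _http_method, url = parts[:5]
        parsed = parse_bot_url(url)
        if parsed is None:
            continue  # web.telegram.org etc. is not the Bot API
        findings.append({
            "ts": ts,
            "src": src,
            "image": image,
            "bot_id": parsed["bot_id"],
            "api_method": parsed["method"],
            "known_bot": parsed["bot_id"] in known_bot_ids,
        })
    return findings


if __name__ == "__main__":
    print(parse_bot_url(EXTRACTED_C2))
    for hit in find_telegram_exfil(SAMPLE_LOG, known_bot_ids={"6990608434"}):
        print(hit)
```

Every Bot API request is worth a look, since few line-of-business processes have a reason to call it, but only the hit whose bot id matches the extracted config is attributable to this sample; the alerting bot in the third line shows why the match is on the bot id and not on the hostname alone. The token can be checked against the live API with the Bot API `getMe` method to learn the bot's username and whether the operator has already revoked it; that is an analyst step against Telegram's service, not something this offline example performs.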
Targets

Target: DEKONT.exe
Size: 3.5MB
Signatures triggered:
- AgentTesla: Agent Tesla is a .NET information stealer and remote access tool (RAT); this build delivers what it collects through the Telegram bot listed in the malware config.
- Adds Run key to start application: the sample writes a value under a ...\CurrentVersion\Run key so that it is relaunched at user logon (persistence).
- Suspicious use of SetThreadContext: ordinary applications rarely call SetThreadContext; loaders use it to redirect the main thread of a suspended process to injected payload code (process hollowing) before resuming the thread.
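Added example, written for this page rather than taken from the report or any vendor tool: a detection for the Run-key persistence signature above, run over constructed Sysmon Event ID 13 (registry value set) records. It expands common environment variables, strips quotes and arguments from the value data, and flags an autostart entry when the registered binary sits in a user-writable directory, when the writing process does, or when a process registers itself; a small allowlist keeps a legitimate AppData autostart (OneDrive) from firing. Field names follow Sysmon's (Image, TargetObject, Details); the flattened record format, the sample records and the allowlist are assumptions.

```python
import re

# Autostart keys: ...\CurrentVersion\Run and RunOnce under HKLM or a user hive
# (Sysmon renders HKCU as HKU\<SID>). The value name is captured.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Path fragments a standard user can write to (lower-cased, backslash-delimited).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")

# Known-good autostart binaries that legitimately live in user-writable directories.
# Constructed allowlist for this example; a real one comes from your own baseline.
ALLOWLIST = ("\\appdata\\local\\microsoft\\onedrive\\onedrive.exe",)

# Canonical substrings for environment variables commonly seen in Run values.
ENV_VARS = {
    "%appdata%": "\\appdata\\roaming",
    "%localappdata%": "\\appdata\\local",
    "%temp%": "\\temp",
    "%tmp%": "\\temp",
    "%programdata%": "\\programdata",
}

# Constructed Sysmon Event ID 13 records, flattened to Key=Value fields joined by '|'.
SAMPLE_EVENTS = [
    r'EventID=13|Image=C:\Users\victim\AppData\Roaming\DEKONT.exe|TargetObject=HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\DEKONT|Details="C:\Users\victim\AppData\Roaming\DEKONT.exe"',
    r'EventID=13|Image=C:\Windows\System32\msiexec.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeAAMUpdater|Details=C:\Program Files\Adobe\Updater\updater.exe /mode=scheduled',
    r'EventID=13|Image=C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe|TargetObject=HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|Details="C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)',
    r'EventID=13|Image=C:\Windows\System32\reg.exe|TargetObject=HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\upd|Details=%APPDATA%\upd.vbs',
]


def parse_record(line):
    """Turn one 'Key=Value|Key=Value' record into a dict (first '=' splits each field)."""
    rec = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        rec[key.strip()] = value.strip()
    return rec


def extract_image(details):
    """Pull the program path out of a Run value's data, which may be quoted and
    may carry arguments. Unquoted paths end at the first '.exe'; anything else
    (scripts, %VAR% paths) is the first whitespace-delimited token."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", d, re.IGNORECASE)
    return m.group(1) if m else d.split()[0]


def normalize(path):
    """Lower-case and replace environment variables so substring checks are stable."""
    p = path.lower()
    for var, canon in ENV_VARS.items():
        p = p.replace(var, canon)
    return p


def find_run_key_persistence(lines):
    """Return one finding per suspicious Run/RunOnce value write."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("EventID") != "13":
            continue
        m = RUN_KEY_RE.search(rec.get("TargetObject", ""))
        if not m:
            continue
        target = normalize(extract_image(rec.get("Details", "")))
        writer = normalize(rec.get("Image", ""))
        if any(target.endswith(ok) for ok in ALLOWLIST):
            continue  # baselined autostart living in AppData
        reasons = []
        if any(frag in target for frag in USER_WRITABLE):
            reasons.append("autostart binary in user-writable directory")
        if any(frag in writer for frag in USER_WRITABLE):
            reasons.append("Run value written by process in user-writable directory")
        if target == writer:
            reasons.append("process registers itself for autostart")
        if reasons:
            findings.append({"name": m.group("name"), "key": rec["TargetObject"],
                             "writer": writer, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_run_key_persistence(SAMPLE_EVENTS):
        print(finding)
```

The DEKONT.exe record trips all three checks, which is the shape this report describes: a binary dropped under AppData registering itself. The RunOnce record shows why environment variables must be expanded before the path test, and the OneDrive record is the false positive every AppData-based rule meets on day one, handled here by an explicit allowlist rather than by weakening the directory test.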