diamondfox | 4798591a79be1fe28b70af10883e655ee16ca90e858b0463154bccada7cb0fa4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

setup.exe

windows7_x64

setup.exe

windows10_x64

Sharing

General

Target

setup.zip
Size

32KB
Sample

201117-jlb9eck73j
MD5

df0f0251c43982d87f5b8a29f25f7810
SHA1

e08264c70d6bb92507b963ca733471621ec01acf
SHA256

4798591a79be1fe28b70af10883e655ee16ca90e858b0463154bccada7cb0fa4
SHA512

9f91c34d0c1897dab6afac95d484552f9af2635581fe6a2fd2f849ae1bd7806c0c75b6e57e45675426240a9b81616d711b27a9da5bf258651b820a053b7ddaf7

Score

10^/10

diamondfox botnet discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7v20201028

diamondfox botnet discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v20201028

diamondfox botnet discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

diamondfox

C2

https://www.datanalysis.club/ms/gate.php

https://www.datanalysis.site/ms/gate.php

https://www.datanalysis.space/ms/gate.php

Mutex

cBFxpht5aCf0jy4gnUs3JgtqCB2O2tWJ

xor.plain

Targets

- Target
  
  setup.exe
- Size
  
  90KB
- MD5
  
  1d5b46ff3cd12fd31362557299d6f488
- SHA1
  
  42f5d828b03f5e4c03e9f935683b5d82e6e7dc26
- SHA256
  
  2f134d1467c3765898a1befc311b86414f8df96d307a6f05b23eebbb8866a69c
- SHA512
  
  4dd2071b369bd150da53446313fff30b08054b8724a02444c400db2f0b14062c51a5aff2390b1845cc87b629ffc77ecc5e72877f77f824553b6f68a7b39a9d23
Score

10^/10

diamondfox botnet discovery spyware stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

diamondfoxbotnetdiscoveryspywarestealer

behavioral2

diamondfoxbotnetdiscoveryspywarestealer

© 2018-2025

Terms | Privacy