General
-
Target
63dac056d672b1987462b41f44987cb470e5b94fd528e521040e98c70de2732a.exe
-
Size
579KB
-
Sample
210119-7hhqt7rvk6
-
MD5
de4b296cb2891bd1c3ed085ed648a62d
-
SHA1
73aaa5d6869bd25abb78ba5beb27ec8c5ee71e57
-
SHA256
63dac056d672b1987462b41f44987cb470e5b94fd528e521040e98c70de2732a
-
SHA512
122402092f03e9ee35ad0fa5128e4d50795894790f088918d0ca3f6e128d85c8b6b7f64eaecdf6d66b2a8d41f921a1446056129d7b9eb28822afb8eacb20d453
Malware Config
Targets
-
-
Target
63dac056d672b1987462b41f44987cb470e5b94fd528e521040e98c70de2732a.exe
-
Size
579KB
-
MD5
de4b296cb2891bd1c3ed085ed648a62d
-
SHA1
73aaa5d6869bd25abb78ba5beb27ec8c5ee71e57
-
SHA256
63dac056d672b1987462b41f44987cb470e5b94fd528e521040e98c70de2732a
-
SHA512
122402092f03e9ee35ad0fa5128e4d50795894790f088918d0ca3f6e128d85c8b6b7f64eaecdf6d66b2a8d41f921a1446056129d7b9eb28822afb8eacb20d453
Score10/10-
DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
-
DiamondFox payload
Detects DiamondFox payload in file/memory.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-