General

  • Target

    1607460946_Loade.rar

  • Size

    93KB

  • Sample

    210122-pxdeq9kkv2

  • MD5

    01e5fefe2b86eb08d2735e707e0013b9

  • SHA1

    5bce560f4032c99d222deb0a1c6ca149b62a309e

  • SHA256

    13342aff87edbe48c736f449198a04bfcbf85db6453ee129269ab140ad872140

  • SHA512

    69b37c2700fc9b3cb9159eb30447cb209ceff7b140b05d80030f6a7f97deda8c5f9ca24dddd968ff826c27a6a8dc54865b1d9b972da36cccd0c63b0c2eafa22a

Malware Config

Targets

    • Target

      1607460946_Loade.exe

    • Size

      140KB

    • MD5

      7bf6de1dc69718455fb90e9a30a9183d

    • SHA1

      3a7f90978908d56d2b689aede98572581442cb19

    • SHA256

      8ca67e40d0d3826efc58feb163760f994eae52731f74c2a3d0d45148a2996bb2

    • SHA512

      78d208eb831789a85d3a5920560fa7c7fe1385491830dbc1e6caac35bb7cba66692cdc1d6b9c06f12a80767e1fa78cb56f011ab9e982839976757fd6cc08ccd9

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 2

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

Tasks