Overview

overview

10

Static

static

1607460946_Loade.exe

windows7_x64

10

1607460946_Loade.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1607460946_Loade.exe

  • Size

    140KB

  • Sample

    210122-r1d2zp4t5n

  • MD5

    7bf6de1dc69718455fb90e9a30a9183d

  • SHA1

    3a7f90978908d56d2b689aede98572581442cb19

  • SHA256

    8ca67e40d0d3826efc58feb163760f994eae52731f74c2a3d0d45148a2996bb2

  • SHA512

    78d208eb831789a85d3a5920560fa7c7fe1385491830dbc1e6caac35bb7cba66692cdc1d6b9c06f12a80767e1fa78cb56f011ab9e982839976757fd6cc08ccd9

Score
10/10
diamondfoxbotnetransomwarestealer

Malware Config

Targets

    • Target

      1607460946_Loade.exe

    • Size

      140KB

    • MD5

      7bf6de1dc69718455fb90e9a30a9183d

    • SHA1

      3a7f90978908d56d2b689aede98572581442cb19

    • SHA256

      8ca67e40d0d3826efc58feb163760f994eae52731f74c2a3d0d45148a2996bb2

    • SHA512

      78d208eb831789a85d3a5920560fa7c7fe1385491830dbc1e6caac35bb7cba66692cdc1d6b9c06f12a80767e1fa78cb56f011ab9e982839976757fd6cc08ccd9

    Score
    10/10
    diamondfoxbotnetransomwarestealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks