diamondfox | f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788 | Triage

Submit
Reports

Overview

overview

Static

static

f24b905fb5...88.exe

windows7_x64

f24b905fb5...88.exe

windows10_x64

Sharing

General

Target

f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
Size

90KB
Sample

210122-yfxfbp9nsa
MD5

4dddf0bfbb7fff60a92926426a0754e4
SHA1

423f4f6b9c0805222b9577b52862af684030c002
SHA256

f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788
SHA512

713fec6b0a8067dd39579ad9280442bf215efb95b628e9b2f3cdb61fb4bc796bfb2857810fe393757a25006ba7203878ce9c4763ed15db6d8a5785badbc21744

Score

10^/10

diamondfox botnet ransomware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe

Resource

win7v20201028

diamondfox botnet ransomware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe

Resource

win10v20201028

diamondfox botnet ransomware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
- Size
  
  90KB
- MD5
  
  4dddf0bfbb7fff60a92926426a0754e4
- SHA1
  
  423f4f6b9c0805222b9577b52862af684030c002
- SHA256
  
  f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788
- SHA512
  
  713fec6b0a8067dd39579ad9280442bf215efb95b628e9b2f3cdb61fb4bc796bfb2857810fe393757a25006ba7203878ce9c4763ed15db6d8a5785badbc21744
Score

10^/10

diamondfox botnet ransomware stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

diamondfoxbotnetransomwarestealer

behavioral2

diamondfoxbotnetransomwarestealer

© 2018-2024

Terms | Privacy