General
Target: f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
Size: 90KB
Sample: 210122-yfxfbp9nsa
MD5: 4dddf0bfbb7fff60a92926426a0754e4
SHA1: 423f4f6b9c0805222b9577b52862af684030c002
SHA256: f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788
SHA512: 713fec6b0a8067dd39579ad9280442bf215efb95b628e9b2f3cdb61fb4bc796bfb2857810fe393757a25006ba7203878ce9c4763ed15db6d8a5785badbc21744
Static task: static1
Behavioral task: behavioral1
Sample: f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
Resource: win10v20201028
Malware Config
Targets
Target: f24b905fb50dd08805caa0d357b3c43149a5174c745797af98d0c4f111f85788.exe
Score: 10/10
DiamondFox payload: Detects DiamondFox payload in file/memory.
Executes dropped EXE
Drops startup file
Loads dropped DLL
Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.