diamondfox

General

Target

51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.exe
Size

300KB
Sample

210213-jxsnjw6n2j
MD5

1956f436a6ec9ec3696d8373d36a1228
SHA1

13fde0365047802c39c0d5a29f43075d18823acd
SHA256

51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344
SHA512

c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120

Score

10^/10

Malware Config

Targets

- Target
  
  51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.exe
- Size
  
  300KB
- MD5
  
  1956f436a6ec9ec3696d8373d36a1228
- SHA1
  
  13fde0365047802c39c0d5a29f43075d18823acd
- SHA256
  
  51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344
- SHA512
  
  c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120
Score

10^/10

diamondfox botnet discovery stealer spyware
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

DiamondFox payload

NirSoft WebBrowserPassView

Nirsoft

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Enumerates physical storage devices

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2