General
-
Target
bd9f3b1b869611da4ad27ade26a7e19c0c3bc7e0aae3d21f8704ab58c59c4943.exe
-
Size
1.5MB
-
Sample
210213-lp88fzpmbn
-
MD5
e62a12e02d56fac5aa469ddb8973fa19
-
SHA1
190a33491b72b52f97d424a8a5e4c2193f5d71db
-
SHA256
bd9f3b1b869611da4ad27ade26a7e19c0c3bc7e0aae3d21f8704ab58c59c4943
-
SHA512
c89e53557e283ede3927988a1a045781fc908219f8ef46b45d11f954199b87ff2eb7d4a362d1568bf23af03b914158fa47a92208c49dca70c7d14e2854c07b12
Malware Config
Targets
-
-
Target
bd9f3b1b869611da4ad27ade26a7e19c0c3bc7e0aae3d21f8704ab58c59c4943.exe
-
Size
1.5MB
-
MD5
e62a12e02d56fac5aa469ddb8973fa19
-
SHA1
190a33491b72b52f97d424a8a5e4c2193f5d71db
-
SHA256
bd9f3b1b869611da4ad27ade26a7e19c0c3bc7e0aae3d21f8704ab58c59c4943
-
SHA512
c89e53557e283ede3927988a1a045781fc908219f8ef46b45d11f954199b87ff2eb7d4a362d1568bf23af03b914158fa47a92208c49dca70c7d14e2854c07b12
Score10/10-
DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
-
DiamondFox payload
Detects DiamondFox payload in file/memory.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-