diamondfox | 9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf | Triage

Submit
Reports

Overview

overview

Static

static

9526e9792b...bf.exe

windows7_x64

9526e9792b...bf.exe

windows10_x64

Sharing

General

Target

9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf
Size

1.4MB
Sample

210303-wnf747yk3x
MD5

f3da87fb27befc3df1eec757587fe93b
SHA1

798f0f6dba708beb6aee86469e5084b08d2e2714
SHA256

9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf
SHA512

51d0a44359eeacb8344955099dce9fec20e46ddf509aea1036503eb0e278fbac363d797fb8745ea3b8ddd5e6f5c3c81f496e0354a10603e80c3028492bc7adaa

Score

10^/10

diamondfox botnet discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf.exe

Resource

win7v20201028

diamondfox botnet discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf.exe

Resource

win10v20201028

diamondfox botnet discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf
- Size
  
  1.4MB
- MD5
  
  f3da87fb27befc3df1eec757587fe93b
- SHA1
  
  798f0f6dba708beb6aee86469e5084b08d2e2714
- SHA256
  
  9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf
- SHA512
  
  51d0a44359eeacb8344955099dce9fec20e46ddf509aea1036503eb0e278fbac363d797fb8745ea3b8ddd5e6f5c3c81f496e0354a10603e80c3028492bc7adaa
Score

10^/10

diamondfox botnet discovery spyware stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

diamondfoxbotnetdiscoveryspywarestealer

behavioral2

diamondfoxbotnetdiscoveryspywarestealer

© 2018-2024

Terms | Privacy