Overview

overview

10

Static

static

9526e9792b...bf.exe

windows7_x64

10

9526e9792b...bf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf

  • Size

    1.4MB

  • Sample

    210303-wnf747yk3x

  • MD5

    f3da87fb27befc3df1eec757587fe93b

  • SHA1

    798f0f6dba708beb6aee86469e5084b08d2e2714

  • SHA256

    9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf

  • SHA512

    51d0a44359eeacb8344955099dce9fec20e46ddf509aea1036503eb0e278fbac363d797fb8745ea3b8ddd5e6f5c3c81f496e0354a10603e80c3028492bc7adaa

Score
10/10
diamondfoxbotnetdiscoveryspywarestealer

Malware Config

Targets

    • Target

      9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf

    • Size

      1.4MB

    • MD5

      f3da87fb27befc3df1eec757587fe93b

    • SHA1

      798f0f6dba708beb6aee86469e5084b08d2e2714

    • SHA256

      9526e9792bed9efe4ed6101deff93b649701cf0f77b024567b5c0540b4b3c7bf

    • SHA512

      51d0a44359eeacb8344955099dce9fec20e46ddf509aea1036503eb0e278fbac363d797fb8745ea3b8ddd5e6f5c3c81f496e0354a10603e80c3028492bc7adaa

    Score
    10/10
    diamondfoxbotnetdiscoveryspywarestealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks