Overview

overview

10

Static

static

10

1271947b68...in.exe

windows7_x64

10

1271947b68...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin

  • Size

    184KB

  • Sample

    210304-jjyx1ygaj6

  • MD5

    f6c8046085b788ade44d121bf942929a

  • SHA1

    0c1be990a397ea94c87849d41c690e19ba563071

  • SHA256

    1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217

  • SHA512

    2ed67079324c14b836d9ccbd741d70c9ae67ca65ff889cc73080ce7b362436f242d087a81341645c7eed74f0dc7d4983e3db685bca77b90d207fabb32ccf7c70

Score
10/10
diamondfoxbotnetstealer

Malware Config

Targets

    • Target

      1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin

    • Size

      184KB

    • MD5

      f6c8046085b788ade44d121bf942929a

    • SHA1

      0c1be990a397ea94c87849d41c690e19ba563071

    • SHA256

      1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217

    • SHA512

      2ed67079324c14b836d9ccbd741d70c9ae67ca65ff889cc73080ce7b362436f242d087a81341645c7eed74f0dc7d4983e3db685bca77b90d207fabb32ccf7c70

    Score
    10/10
    diamondfoxbotnetstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks