diamondfox | 8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448 | Triage

Submit
Reports

Overview

overview

Static

static

8343d0955b...in.exe

windows7_x64

8343d0955b...in.exe

windows10_x64

Sharing

General

Target

8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin
Size

199KB
Sample

210304-lzhlqc7xyn
MD5

694aeb997cad16f5d2a82fe34447c2f5
SHA1

99151301e07d13301ce5a579d087b6a78389c38b
SHA256

8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448
SHA512

f0979eea4e1b2141442d48f6b84b76d2dfae24f59df6b5e9446c4652e566415bc09e2a9d8ca5628fbfc7e260e5d2a5992023bcd5a13f980ebf204c2d80ff95ba

Score

10^/10

diamondfox botnet discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin.exe

Resource

win7v20201028

diamondfox botnet discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin.exe

Resource

win10v20201028

diamondfox botnet discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin
- Size
  
  199KB
- MD5
  
  694aeb997cad16f5d2a82fe34447c2f5
- SHA1
  
  99151301e07d13301ce5a579d087b6a78389c38b
- SHA256
  
  8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448
- SHA512
  
  f0979eea4e1b2141442d48f6b84b76d2dfae24f59df6b5e9446c4652e566415bc09e2a9d8ca5628fbfc7e260e5d2a5992023bcd5a13f980ebf204c2d80ff95ba
Score

10^/10

diamondfox botnet discovery spyware stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

diamondfoxbotnetdiscoveryspywarestealer

behavioral2

diamondfoxbotnetdiscoveryspywarestealer

© 2018-2024

Terms | Privacy