Overview

overview

10

Static

static

10

8343d0955b...in.exe

windows7_x64

10

8343d0955b...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin

  • Size

    199KB

  • Sample

    210304-lzhlqc7xyn

  • MD5

    694aeb997cad16f5d2a82fe34447c2f5

  • SHA1

    99151301e07d13301ce5a579d087b6a78389c38b

  • SHA256

    8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448

  • SHA512

    f0979eea4e1b2141442d48f6b84b76d2dfae24f59df6b5e9446c4652e566415bc09e2a9d8ca5628fbfc7e260e5d2a5992023bcd5a13f980ebf204c2d80ff95ba

Score
10/10
diamondfoxbotnetdiscoveryspywarestealer

Malware Config

Targets

    • Target

      8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448.bin

    • Size

      199KB

    • MD5

      694aeb997cad16f5d2a82fe34447c2f5

    • SHA1

      99151301e07d13301ce5a579d087b6a78389c38b

    • SHA256

      8343d0955b6e122e915e7c381d597f60eeb96b18c9069bc35276c04e0fe52448

    • SHA512

      f0979eea4e1b2141442d48f6b84b76d2dfae24f59df6b5e9446c4652e566415bc09e2a9d8ca5628fbfc7e260e5d2a5992023bcd5a13f980ebf204c2d80ff95ba

    Score
    10/10
    diamondfoxbotnetdiscoveryspywarestealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks