Extracted

• • Target

    33815ECF51B4A2F18811FBA9ED999D36.exe

  • Size

    2.5MB

  • MD5

    33815ecf51b4a2f18811fba9ed999d36

  • SHA1

    709cde4326af52f644cf00d260af65bdd0cbf5e1

  • SHA256

    2f76ea148491b558111e852ce708f8802896c21c3b18239d14078f313822e301

  • SHA512

    d3e1669d4e60d180a9bcd6b87f2c376be69bb7bebf6a73f0503ab65e4770354b71adcfc0688444ccf9a4d57fff32542f29bbcf12bc9686f347fa8ae8eaac82f5

  Score

  10^/10

  diamondfoxredlinetaurus002botnetdiscoveryinfostealerpersistencespywarestealertrojan

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

    botnetstealerdiamondfox

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Taurus Stealer

    Taurus is an infostealer first seen in June 2020.

    trojanstealertaurus

  • Taurus Stealer Payload

  • DiamondFox payload

    Detects DiamondFox payload in file/memory.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2