diamondfox | 93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da | Triage

Submit
Reports

Overview

overview

Static

static

nine.exe

windows7_x64

nine.exe

windows10-2004_x64

Sharing

General

Target

nine.exe
Size

210KB
Sample

220117-rgacasahel
MD5

4440d9bb248b6ecb966eef7af0ec276c
SHA1

dba8eb889861da4252bc2aca9794062a87fb6056
SHA256

93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da
SHA512

95abb7d39550c8b4b775d98e859e10eca7aa22193becd8656632b87689388c094ce872bf2aa0f24732d965b03ffa65f99e48774941c58779802e501d9bb610d6

Score

10^/10

diamondfox botnet stealer

Static task

static1

Behavioral task

behavioral1

Sample

nine.exe

Resource

win7-en-20211208

diamondfox botnet stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

nine.exe

Resource

win10v2004-en-20220112

diamondfox botnet stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  nine.exe
- Size
  
  210KB
- MD5
  
  4440d9bb248b6ecb966eef7af0ec276c
- SHA1
  
  dba8eb889861da4252bc2aca9794062a87fb6056
- SHA256
  
  93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da
- SHA512
  
  95abb7d39550c8b4b775d98e859e10eca7aa22193becd8656632b87689388c094ce872bf2aa0f24732d965b03ffa65f99e48774941c58779802e501d9bb610d6
Score

10^/10

diamondfox botnet stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- Suspicious use of NtCreateProcessExOtherParentProcess
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

diamondfoxbotnetstealer

behavioral2

diamondfoxbotnetstealer

© 2018-2025

Terms | Privacy