diamondfox | 93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da | Triage

Submit
Reports

Overview

overview

Static

static

nine.exe

windows7_x64

nine.exe

windows10-2004_x64

Sharing

General

Target

nine.exe
Size

210KB
Sample

220117-rgacasahel
MD5

4440d9bb248b6ecb966eef7af0ec276c
SHA1

dba8eb889861da4252bc2aca9794062a87fb6056
SHA256

93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da
SHA512

95abb7d39550c8b4b775d98e859e10eca7aa22193becd8656632b87689388c094ce872bf2aa0f24732d965b03ffa65f99e48774941c58779802e501d9bb610d6

Score

10^/10

diamondfox botnet stealer

Static task

static1

Behavioral task

behavioral1

Sample

nine.exe

Resource

win7-en-20211208

diamondfox botnet stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

nine.exe

Resource

win10v2004-en-20220112

diamondfox botnet stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  nine.exe
- Size
  
  210KB
- MD5
  
  4440d9bb248b6ecb966eef7af0ec276c
- SHA1
  
  dba8eb889861da4252bc2aca9794062a87fb6056
- SHA256
  
  93e7ecd77057b7388f80a012e15977613f6fa01bda350e684facdce6fee8e1da
- SHA512
  
  95abb7d39550c8b4b775d98e859e10eca7aa22193becd8656632b87689388c094ce872bf2aa0f24732d965b03ffa65f99e48774941c58779802e501d9bb610d6
Score

10^/10

diamondfox botnet stealer
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- Suspicious use of NtCreateProcessExOtherParentProcess
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

diamondfoxbotnetstealer

behavioral2

diamondfoxbotnetstealer

© 2018-2024

Terms | Privacy