Overview

overview

10

Static

static

10

0ccb874e6f...95.exe

windows7_x64

10

0ccb874e6f...95.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ccb874e6f1679d4cb9a285698490423495e53e1034407fe2f038603e3a38b95

  • Size

    2.5MB

  • Sample

    220222-y14htaeebp

  • MD5

    045d0eb447c5699ac0cbf14c7c71fd65

  • SHA1

    b439144c304664b71944c2c42319f8f7c29d0fa5

  • SHA256

    0ccb874e6f1679d4cb9a285698490423495e53e1034407fe2f038603e3a38b95

  • SHA512

    88cabe12d935bc54c08a497a12cc383f557200d54b162227dde2f6d11101159dc645d2ce81418b24656be187684ba428458c17bacbaa2630f7464b5a15821652

Score
10/10
diamondfoxbotnetstealer

Malware Config

Targets

    • Target

      0ccb874e6f1679d4cb9a285698490423495e53e1034407fe2f038603e3a38b95

    • Size

      2.5MB

    • MD5

      045d0eb447c5699ac0cbf14c7c71fd65

    • SHA1

      b439144c304664b71944c2c42319f8f7c29d0fa5

    • SHA256

      0ccb874e6f1679d4cb9a285698490423495e53e1034407fe2f038603e3a38b95

    • SHA512

      88cabe12d935bc54c08a497a12cc383f557200d54b162227dde2f6d11101159dc645d2ce81418b24656be187684ba428458c17bacbaa2630f7464b5a15821652

    Score
    10/10
    diamondfoxbotnetstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox stealer

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks