Overview

overview

10

Static

static

10

02b4623f56...1b.exe

windows7_x64

10

02b4623f56...1b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02b4623f56f979b9082818d613cac29a56aba763288eacaee74e063469aca61b

  • Size

    3.3MB

  • Sample

    220223-azgqnafgg5

  • MD5

    77ab7e4dc7dcc201aabca121245d37de

  • SHA1

    05276c0f69e0cb1b0acfd125604eaa703d442f30

  • SHA256

    02b4623f56f979b9082818d613cac29a56aba763288eacaee74e063469aca61b

  • SHA512

    307e460a5fb0c06b44beea2e826d89434a71daba30210efd558d1b0a6b2b8fb75171d1d064c2703e1297c032fb8eb84a3c77c08747b2b5483017d648331d4b0b

Score
10/10
diamondfoxbotnetmacropersistencestealer

Malware Config

Targets

    • Target

      02b4623f56f979b9082818d613cac29a56aba763288eacaee74e063469aca61b

    • Size

      3.3MB

    • MD5

      77ab7e4dc7dcc201aabca121245d37de

    • SHA1

      05276c0f69e0cb1b0acfd125604eaa703d442f30

    • SHA256

      02b4623f56f979b9082818d613cac29a56aba763288eacaee74e063469aca61b

    • SHA512

      307e460a5fb0c06b44beea2e826d89434a71daba30210efd558d1b0a6b2b8fb75171d1d064c2703e1297c032fb8eb84a3c77c08747b2b5483017d648331d4b0b

    Score
    10/10
    diamondfoxbotnetmacropersistencestealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox stealer

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks