Overview

overview

10

Static

static

573efb1953...03.exe

windows7_x64

10

573efb1953...03.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    573efb195325f7f39b014f9a6062b0e464f7578b6fe2ae192749c26e460bbf03

  • Size

    485KB

  • Sample

    220310-vfx9hscbgl

  • MD5

    1a01c1271297700846837182a5a2ec8b

  • SHA1

    4fac1ede27ad29375398c3a46c5f33e7d5293637

  • SHA256

    573efb195325f7f39b014f9a6062b0e464f7578b6fe2ae192749c26e460bbf03

  • SHA512

    3ad93395d5aae9f7696a11099b04306f0eef8d5a2d5abad8be4e537fe708094baf51cddaf57bb19251beb51f223c05d551d054effd21ff72315a54e5858195ff

Score
10/10
diamondfoxbotnetinfostealerstealer

Malware Config

Targets

    • Target

      573efb195325f7f39b014f9a6062b0e464f7578b6fe2ae192749c26e460bbf03

    • Size

      485KB

    • MD5

      1a01c1271297700846837182a5a2ec8b

    • SHA1

      4fac1ede27ad29375398c3a46c5f33e7d5293637

    • SHA256

      573efb195325f7f39b014f9a6062b0e464f7578b6fe2ae192749c26e460bbf03

    • SHA512

      3ad93395d5aae9f7696a11099b04306f0eef8d5a2d5abad8be4e537fe708094baf51cddaf57bb19251beb51f223c05d551d054effd21ff72315a54e5858195ff

    Score
    10/10
    diamondfoxbotnetinfostealerstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

      infostealer

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks