diamondfox | new[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

new.exe
Size

590KB
MD5

d0adc891c2d75a5750a0762418fa0f23
SHA1

bfbbc833f3f85d693139b43002181fab5ff8da1d
SHA256

0526eaaa777c6f4f30769b2c74105f32b3b70a26b960c2074168f7a7404ede51
SHA512

4ee8af5e556ef6ccefdfecbe43c89c66c9244ea7db1e35b987d35e15090a1e7b8135590544d27dbc37f164bfbb5e7e82aa0463f16618b80fe993cb6b7bff245f
SSDEEP

12288:mO+B4it8xokZmFjvToKk5ZzdLHOVWeTfg5ZzdLHOVWeTf:g4iuokZOvTf4Z0WegZ0We

Score

10^/10

infostealer diamondfox

Malware Config

Signatures

DiamondFox payload 1 IoCs

Detects DiamondFox payload in file/memory.

infostealer

resource	yara_rule
sample	diamondfox

Diamondfox family
diamondfox

Files

new.exe
.exe windows x86

8316bcd12417e59032ab566efaeaa8d5

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

29-01-2020 00:00

Not After

28-01-2030 23:59

Subject

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:62:76:af:2f:2c:7e:24:6d:3b:1c:ab:1b:4a:a4:2e
Certificate

Issuer

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

Not Before

25-03-2021 00:00

Not After

25-03-2022 23:59

Subject

CN=IQ Trade ApS,O=IQ Trade ApS,POSTALCODE=2610,STREET=Prøvensvej 26,L=Rødovre,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:94:5a:de:3a:e0:d2:dc:0f:4f:02:23:d9:0f:2f:15:c9:6f:e0:f9
Signer

Actual PE Digest

92:94:5a:de:3a:e0:d2:dc:0f:4f:02:23:d9:0f:2f:15:c9:6f:e0:f9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=IQ Trade ApS,O=IQ Trade ApS,POSTALCODE=2610,STREET=Prøvensvej 26,L=Rødovre,C=DK

30-04-2021 12:43
Valid: true

Chain 1

CN=IQ Trade ApS,O=IQ Trade ApS,POSTALCODE=2610,STREET=Prøvensvej 26,L=Rødovre,C=DK

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=IQ Trade ApS,O=IQ Trade ApS,POSTALCODE=2610,STREET=Prøvensvej 26,L=Rødovre,C=DK

CN=TrustOcean Organization Software Vendor CA,O=TrustOcean Limited,C=US

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

memset
memcpy
wcslen
wcscpy
wcscat
wcscmp
memmove
wcschr
_CIlog
floor
ceil
_CIpow
strstr
strlen
_strnicmp
strcmp
strncpy
strcpy
sprintf
_wcsicmp
tolower
wcsncpy
fabs
malloc
free
fseek
ftell
fread
fclose
pow
??3@YAXPAX@Z
wcsncmp
wcsstr
_wcsnicmp
_wcsdup
_isnan
_vsnwprintf
cos
fmod
sin
abs

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CloseHandle
GetTickCount
LoadLibraryW
GetDiskFreeSpaceExW
GetSystemPowerStatus
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
GetModuleFileNameW
VirtualFree
VirtualAlloc
FreeLibrary
VirtualProtect
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
HeapFree
PeekNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
HeapReAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
GetProcAddress
Sleep
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameW
CreateDirectoryW
SetFileAttributesW
CopyFileW
DeleteFileW
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
WriteFile
CreateFileW
SetFilePointer
GetFileSize
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

GetSystemMetrics
GetCursorPos
GetDC
ReleaseDC
DestroyIcon
FillRect
CharUpperW
CharLowerW
GetIconInfo
DrawIconEx

gdi32

BitBlt
GetObjectType
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
DeleteDC
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetStockObject
GetDIBits
CreateDCW
GetDeviceCaps
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

wsock32

closesocket
WSACleanup
WSAStartup

winmm

timeBeginPeriod

shlwapi

PathFileExistsW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

ntdll

ZwUnmapViewOfSection

setupapi

IsUserAdmin

urlmon

URLDownloadToFileW

wininet

InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetGetConnectedState

Sections

.code
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.00cfg
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8316bcd12417e59032ab566efaeaa8d5

Code Sign

01Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08Certificate

Extended Key Usages

Key Usages

06:62:76:af:2f:2c:7e:24:6d:3b:1c:ab:1b:4a:a4:2eCertificate

Extended Key Usages

Key Usages

92:94:5a:de:3a:e0:d2:dc:0f:4f:02:23:d9:0f:2f:15:c9:6f:e0:f9Signer

Signature Validations

Verification

30-04-2021 12:43 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

shell32

wsock32

winmm

shlwapi

ole32

ntdll

setupapi

urlmon

wininet

Sections

.code Size: 38KB - Virtual size: 37KB

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 14KB - Virtual size: 17KB

.itext Size: 1KB - Virtual size: 1KB

.ndata Size: 1KB - Virtual size: 1KB

.bss Size: 9KB - Virtual size: 9KB

.00cfg Size: 9KB - Virtual size: 9KB

.ndata Size: 165KB - Virtual size: 165KB

.itext Size: 9KB - Virtual size: 9KB

.ndata Size: 9KB - Virtual size: 9KB

.bss Size: 165KB - Virtual size: 165KB

.ndata Size: 9KB - Virtual size: 9KB

01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

79:77:ba:de:f6:83:54:84:b8:ce:b0:dd:2b:58:f4:08
Certificate

06:62:76:af:2f:2c:7e:24:6d:3b:1c:ab:1b:4a:a4:2e
Certificate

92:94:5a:de:3a:e0:d2:dc:0f:4f:02:23:d9:0f:2f:15:c9:6f:e0:f9
Signer

30-04-2021 12:43
Valid: true

.code
Size: 38KB - Virtual size: 37KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 14KB - Virtual size: 17KB

.itext
Size: 1KB - Virtual size: 1KB

.ndata
Size: 1KB - Virtual size: 1KB

.bss
Size: 9KB - Virtual size: 9KB

.00cfg
Size: 9KB - Virtual size: 9KB

.ndata
Size: 165KB - Virtual size: 165KB

.itext
Size: 9KB - Virtual size: 9KB

.ndata
Size: 9KB - Virtual size: 9KB

.bss
Size: 165KB - Virtual size: 165KB

.ndata
Size: 9KB - Virtual size: 9KB