diamondfox | 0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8 | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 18:31

Sharing

Report Analysis Logs

General

Target

0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8.exe
Size

231KB
MD5

c8830b9e611ef52f5d4dcddee87c2ba1
SHA1

fc7f516a1cc9916405e1f15f0be2432b356efe86
SHA256

0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8
SHA512

dca8de414cf9d841283184931d9977a299ad7ac47019330a464c10a69e2e9c98131c2e7cfdb658494c1f32975efde3f58128f2fcaad1046c8f495b6af8d845a9

Score

10^/10

diamondfox botnet infostealer stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox payload 2 IoCs

Detects DiamondFox payload in file/memory.

Processes:

resource	yara_rule
behavioral1/memory/1216-57-0x0000000000220000-0x0000000000238000-memory.dmp	diamondfox
behavioral1/memory/1216-58-0x0000000000400000-0x000000000098D000-memory.dmp	diamondfox

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8.exe

pid process

1216 0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8.exe

C:\Users\Admin\AppData\Local\Temp\0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8.exe
"C:\Users\Admin\AppData\Local\Temp\0111dff6d3ba584e0293470dac4cdf629e61f842522ef2d4a3873ebf9dd703a8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-56-0x0000000000ADB000-0x0000000000AE7000-memory.dmp

Filesize
48KB

Download
memory/1216-57-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/1216-58-0x0000000000400000-0x000000000098D000-memory.dmp

Filesize
5.6MB

Download