diamondfox | 040[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

040.exe
Size

371KB
MD5

011f82638e33b5c1df66dab43ec2fd18
SHA1

1157a0186b8010d4d5ba99008b46df6798efdb82
SHA256

d113f0b72805c9908272e053fcc5386b191254cbaf685ed66bca824d3d4a94dc
SHA512

5b141b17858a1fdf821c25f8130d7a8f88c401ff56d46eca0037b03bfad8a5470ef8a07065da36d605747d897c1d288549959539cb0fa80d3b251084aa3bea54
SSDEEP

6144:oOHeB3uoSJdskGtgUSxE916KEqYD1nBFjvTB1F29gHUtmSjA61An59XmvtUnV:oO+B+Vit8xokZJBFjvToKHdiAsc593nV

Score

10^/10

infostealer diamondfox

Malware Config

Signatures

DiamondFox payload 1 IoCs
Detects DiamondFox payload in file/memory.
infostealer

Processes:

resource yara_rule

sample diamondfox
Diamondfox family
diamondfox

resource	yara_rule
sample	diamondfox

Files

040.exe
.exe windows x86

8316bcd12417e59032ab566efaeaa8d5

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

Issuer

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Not Before

30-03-2022 08:15

Not After

30-03-2023 08:35

Subject

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9a:9d:fe:2d:a4:46:64:6e:7d:28:67:4c:7a:53:3e:a2:80:04:90:de:1d:1d:9b:d1:14:7c:94:bd:b2:72:a2:f7
Signer

Actual PE Digest

9a:9d:fe:2d:a4:46:64:6e:7d:28:67:4c:7a:53:3e:a2:80:04:90:de:1d:1d:9b:d1:14:7c:94:bd:b2:72:a2:f7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

30-06-2022 15:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

Imports

msvcrt

memset
memcpy
wcslen
wcscpy
wcscat
wcscmp
memmove
wcschr
_CIlog
floor
ceil
_CIpow
strstr
strlen
_strnicmp
strcmp
strncpy
strcpy
sprintf
_wcsicmp
tolower
wcsncpy
fabs
malloc
free
fseek
ftell
fread
fclose
pow
??3@YAXPAX@Z
wcsncmp
wcsstr
_wcsnicmp
_wcsdup
_isnan
_vsnwprintf
cos
fmod
sin
abs

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CloseHandle
GetTickCount
LoadLibraryW
GetDiskFreeSpaceExW
GetSystemPowerStatus
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
GetModuleFileNameW
VirtualFree
VirtualAlloc
FreeLibrary
VirtualProtect
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
HeapFree
PeekNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
HeapReAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
GetProcAddress
Sleep
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameW
CreateDirectoryW
SetFileAttributesW
CopyFileW
DeleteFileW
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
WriteFile
CreateFileW
SetFilePointer
GetFileSize
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

GetSystemMetrics
GetCursorPos
GetDC
ReleaseDC
DestroyIcon
FillRect
CharUpperW
CharLowerW
GetIconInfo
DrawIconEx

gdi32

BitBlt
GetObjectType
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
DeleteDC
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetStockObject
GetDIBits
CreateDCW
GetDeviceCaps
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

wsock32

closesocket
WSACleanup
WSAStartup

winmm

timeBeginPeriod

shlwapi

PathFileExistsW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

ntdll

ZwUnmapViewOfSection

setupapi

IsUserAdmin

urlmon

URLDownloadToFileW

wininet

InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetGetConnectedState

Sections

.code
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.stab
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bindat
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.debug
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sxdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cormet
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8316bcd12417e59032ab566efaeaa8d5

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:caCertificate

Extended Key Usages

Key Usages

9a:9d:fe:2d:a4:46:64:6e:7d:28:67:4c:7a:53:3e:a2:80:04:90:de:1d:1d:9b:d1:14:7c:94:bd:b2:72:a2:f7Signer

Signature Validations

Verification

30-06-2022 15:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

shell32

wsock32

winmm

shlwapi

ole32

ntdll

setupapi

urlmon

wininet

Sections

.code Size: 38KB - Virtual size: 37KB

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 14KB - Virtual size: 17KB

.xdata Size: 22KB - Virtual size: 22KB

.stab Size: 5KB - Virtual size: 5KB

.bindat Size: 26KB - Virtual size: 26KB

.debug Size: 6KB - Virtual size: 6KB

.sxdata Size: 2KB - Virtual size: 2KB

.text0 Size: 5KB - Virtual size: 5KB

.cormet Size: 6KB - Virtual size: 6KB

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

9a:9d:fe:2d:a4:46:64:6e:7d:28:67:4c:7a:53:3e:a2:80:04:90:de:1d:1d:9b:d1:14:7c:94:bd:b2:72:a2:f7
Signer

30-06-2022 15:34
Valid: false

.code
Size: 38KB - Virtual size: 37KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 14KB - Virtual size: 17KB

.xdata
Size: 22KB - Virtual size: 22KB

.stab
Size: 5KB - Virtual size: 5KB

.bindat
Size: 26KB - Virtual size: 26KB

.debug
Size: 6KB - Virtual size: 6KB

.sxdata
Size: 2KB - Virtual size: 2KB

.text0
Size: 5KB - Virtual size: 5KB

.cormet
Size: 6KB - Virtual size: 6KB