General
-
Target
48357e221b1e06c02805694894b00da3042087d2144f303f11e1ca8a3e5e701e
-
Size
216KB
-
Sample
220714-ejectacden
-
MD5
670497e6310600fe3149d128946cf9df
-
SHA1
82a807efec4d2751e0834f5605e13001c6450841
-
SHA256
48357e221b1e06c02805694894b00da3042087d2144f303f11e1ca8a3e5e701e
-
SHA512
4a631b40b65622206ed7f8afebab255f33d54486b377f33c428ddda98f6e1a27bed003c021fae06faafe5df063f835f4f9ddb194d89966eae2447e53e6c32090
Malware Config
Targets
-
-
Target
48357e221b1e06c02805694894b00da3042087d2144f303f11e1ca8a3e5e701e
-
Size
216KB
-
MD5
670497e6310600fe3149d128946cf9df
-
SHA1
82a807efec4d2751e0834f5605e13001c6450841
-
SHA256
48357e221b1e06c02805694894b00da3042087d2144f303f11e1ca8a3e5e701e
-
SHA512
4a631b40b65622206ed7f8afebab255f33d54486b377f33c428ddda98f6e1a27bed003c021fae06faafe5df063f835f4f9ddb194d89966eae2447e53e6c32090
Score10/10-
DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-