Overview

overview

10

Static

static

aee8df317a...e9.exe

windows7-x64

10

aee8df317a...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aee8df317acf19c8b0645de2ad4595d85281eeaeaf5b9b8f8786c647f8365de9

  • Size

    569KB

  • Sample

    220731-frpn7ahed9

  • MD5

    1da9a3e209139bef422041960aba6464

  • SHA1

    00f40230e43aeabb7ef3fb3332a29b59e95e24f9

  • SHA256

    aee8df317acf19c8b0645de2ad4595d85281eeaeaf5b9b8f8786c647f8365de9

  • SHA512

    f9d8c905ff143dac5b95be12afd21698795211a639b2977fa0f993221bf2ee86cc1eb8253433dda8e70c58ee559b92d094c75d8750cfa7ed7e1f7316b8621f23

Score
10/10
diamondfoxbotnetinfostealerstealerupx

Malware Config

Targets

    • Target

      aee8df317acf19c8b0645de2ad4595d85281eeaeaf5b9b8f8786c647f8365de9

    • Size

      569KB

    • MD5

      1da9a3e209139bef422041960aba6464

    • SHA1

      00f40230e43aeabb7ef3fb3332a29b59e95e24f9

    • SHA256

      aee8df317acf19c8b0645de2ad4595d85281eeaeaf5b9b8f8786c647f8365de9

    • SHA512

      f9d8c905ff143dac5b95be12afd21698795211a639b2977fa0f993221bf2ee86cc1eb8253433dda8e70c58ee559b92d094c75d8750cfa7ed7e1f7316b8621f23

    Score
    10/10
    diamondfoxbotnetinfostealerstealerupx

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

      infostealer

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks