diamondfox | 7a1833f7b91269b9f0eb48f9bba3db9cc444f749d82255322e1f8e221612895f | Triage

Sharing

General

Target

7a1833f7b91269b9f0eb48f9bba3db9cc444f749d82255322e1f8e221612895f
Size

18KB
Sample

221026-2d36bahedp
MD5

8f77d92060389f5733905710714556ce
SHA1

f817bbd59241f5dd732259784c2fabff78d1dfde
SHA256

7a1833f7b91269b9f0eb48f9bba3db9cc444f749d82255322e1f8e221612895f
SHA512

313e5b16ac7d556a74d19b2610f5e811694c1a660a460604afe5272f416fb1f7f2d04cea173dc9f2ce392e42101225fa0850f03ceaf46616d52347c96097468a
SSDEEP

384:NJE1O9JBp+U2CYf00mrtWivKSmSggQmUWgVhkXHQ1:NFI0/XvdJUVhgH

Score

10^/10

diamondfox botnet evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  7a1833f7b91269b9f0eb48f9bba3db9cc444f749d82255322e1f8e221612895f
- Size
  
  18KB
- MD5
  
  8f77d92060389f5733905710714556ce
- SHA1
  
  f817bbd59241f5dd732259784c2fabff78d1dfde
- SHA256
  
  7a1833f7b91269b9f0eb48f9bba3db9cc444f749d82255322e1f8e221612895f
- SHA512
  
  313e5b16ac7d556a74d19b2610f5e811694c1a660a460604afe5272f416fb1f7f2d04cea173dc9f2ce392e42101225fa0850f03ceaf46616d52347c96097468a
- SSDEEP
  
  384:NJE1O9JBp+U2CYf00mrtWivKSmSggQmUWgVhkXHQ1:NFI0/XvdJUVhgH
Score

10^/10

diamondfox botnet evasion persistence stealer trojan
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

diamondfoxbotnetevasionpersistencestealertrojan

behavioral2

diamondfoxbotnetevasionpersistencestealertrojan