Overview

overview

7

Static

static

3

Diavlo v2.exe

windows7-x64

7

Diavlo v2.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Diavlo v2.exe

  • Size

    37.6MB

  • Sample

    230204-3bwtwsfa78

  • MD5

    f546ad3c58cf8067f72ab2cc7ab07997

  • SHA1

    35a8ea8434ea2eda229b10a8266833cbd1227be5

  • SHA256

    82dffd73e3dbbd3f3333aa68fff3d8b1ac02090f79cd8fd46663515321507291

  • SHA512

    bf41d5c68f6c0875dbdd2100dd50367440e7172e698f2622f9a9aca8a08c9ca388ca863f0ff3a8b10197673f524aa25818ad21469e8016fb6ba126861da82dd4

  • SSDEEP

    393216:uT+UwRM9dM/ISGL2Vmd6ml/m3p5c/eEJ4PV4aU55RdG1xSNiQ:/qT6ISGyVmdXK5uh4PqrG14NiQ

Score
7/10
pyinstaller

Malware Config

Targets

    • Target

      Diavlo v2.exe

    • Size

      37.6MB

    • MD5

      f546ad3c58cf8067f72ab2cc7ab07997

    • SHA1

      35a8ea8434ea2eda229b10a8266833cbd1227be5

    • SHA256

      82dffd73e3dbbd3f3333aa68fff3d8b1ac02090f79cd8fd46663515321507291

    • SHA512

      bf41d5c68f6c0875dbdd2100dd50367440e7172e698f2622f9a9aca8a08c9ca388ca863f0ff3a8b10197673f524aa25818ad21469e8016fb6ba126861da82dd4

    • SSDEEP

      393216:uT+UwRM9dM/ISGL2Vmd6ml/m3p5c/eEJ4PV4aU55RdG1xSNiQ:/qT6ISGyVmdXK5uh4PqrG14NiQ

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks