Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

5

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AntivirusAI136_DZAPK.COM-1.apk

  • Size

    10.4MB

  • Sample

    230709-3sc34sha9w

  • MD5

    2281a663acfc3e81cbdb7ede827c2d6d

  • SHA1

    9b13e7d7431a3847f9e1abb3cc793e498c4d86f1

  • SHA256

    44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4

  • SHA512

    89768d9beb8800a20d506cb40254df9a2259d334979db873d357604ca776b6a4c6fabd537ddf9c517eadb3607618f91b2f288ed66060348fb7037c29e3fd30ca

  • SSDEEP

    196608:LD6T4a110xIPoIeP/ShMIgHUkiBY8dG7iFnu6ToJ+Ov8e1I7ao:L+T4a1CiPMIgHjWvEAnMhs

Score
10/10
diamondfoxandroidbotnetstealer

Malware Config

Targets

    • Target

      AntivirusAI136_DZAPK.COM-1.apk

    • Size

      10.4MB

    • MD5

      2281a663acfc3e81cbdb7ede827c2d6d

    • SHA1

      9b13e7d7431a3847f9e1abb3cc793e498c4d86f1

    • SHA256

      44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4

    • SHA512

      89768d9beb8800a20d506cb40254df9a2259d334979db873d357604ca776b6a4c6fabd537ddf9c517eadb3607618f91b2f288ed66060348fb7037c29e3fd30ca

    • SSDEEP

      196608:LD6T4a110xIPoIeP/ShMIgHUkiBY8dG7iFnu6ToJ+Ov8e1I7ao:L+T4a1CiPMIgHjWvEAnMhs

    Score
    10/10
    diamondfoxbotnetstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox stealer

    • Acquires the wake lock.

    • Requests dangerous framework permissions

    behavioral1behavioral2

    • Target

      disclosure.html

    • Size

      21KB

    • MD5

      57e2258020e513a0c7de0b0b6f1b25be

    • SHA1

      5fd0cd13ee183d294cda93b6b2f4195b8859f3ea

    • SHA256

      75d64bc17c8091c45514e8f4f5f14696953d907e67801711b9ca36edfc6ed84c

    • SHA512

      a435c0d5380ccb075edb1bc16d549c2e7f807bac521540fd4aa6159144e626585ad860b9f22723f63a4c9490d008060b3e2aea3a94a3eb09ffc504bb2aa06a47

    • SSDEEP

      384:OL93PT4oVo91UslHycUEYl3Kn1dYs7ZAlVtPRR:M4H15bUa8w+l3

    Score
    1/10
    behavioral3behavioral4

    • Target

      myps_policy.html

    • Size

      53KB

    • MD5

      9a447d84da71684c5c571999f23ea7a0

    • SHA1

      7d4496c5a38316c1d8c7abc93e1f0a5bcafde1fa

    • SHA256

      243bd76153a8c1a1dfc9132afce1a796770dab63b1ce4ee725f593dddeec4358

    • SHA512

      05f394e7681243630b3f1739306fd5beb6677a57eef5f36be847918f9eaa296eb50e3052afd4eb844f933345e9b972deb95f19b20aa46ce15039600edf1b6340

    • SSDEEP

      768:aUuR+6hRBH0+xPZV+YTSFlgK4yFMuMveCn/1N2aj7wlDtXGZ4nKdW3q0C5kubKzt:ruXPZVaMvz7wFkZe3qLc

    Score
    1/10
    behavioral5behavioral6

    • Target

      origin.apk

    • Size

      5.5MB

    • MD5

      64bce546d5b79b78e6688420945edf87

    • SHA1

      665cd42c9831d0510db5756c004911c5b71a99cb

    • SHA256

      75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab

    • SHA512

      20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9

    • SSDEEP

      98304:2CBn7OZR4oJdkiKL4mQYtSoEjBG7s7Fjju6ToJ+UEX+emEqyhUzsm0fXkGxkQk/6:2gHUkiBY8dG7iFnu6ToJ+Ov8e1I7L

    Score
    1/10
    behavioral7behavioral8behavioral9

    • Target

      disclosure.html

    • Size

      21KB

    • MD5

      57e2258020e513a0c7de0b0b6f1b25be

    • SHA1

      5fd0cd13ee183d294cda93b6b2f4195b8859f3ea

    • SHA256

      75d64bc17c8091c45514e8f4f5f14696953d907e67801711b9ca36edfc6ed84c

    • SHA512

      a435c0d5380ccb075edb1bc16d549c2e7f807bac521540fd4aa6159144e626585ad860b9f22723f63a4c9490d008060b3e2aea3a94a3eb09ffc504bb2aa06a47

    • SSDEEP

      384:OL93PT4oVo91UslHycUEYl3Kn1dYs7ZAlVtPRR:M4H15bUa8w+l3

    Score
    1/10
    behavioral10behavioral11

    • Target

      myps_policy.html

    • Size

      53KB

    • MD5

      9a447d84da71684c5c571999f23ea7a0

    • SHA1

      7d4496c5a38316c1d8c7abc93e1f0a5bcafde1fa

    • SHA256

      243bd76153a8c1a1dfc9132afce1a796770dab63b1ce4ee725f593dddeec4358

    • SHA512

      05f394e7681243630b3f1739306fd5beb6677a57eef5f36be847918f9eaa296eb50e3052afd4eb844f933345e9b972deb95f19b20aa46ce15039600edf1b6340

    • SSDEEP

      768:aUuR+6hRBH0+xPZV+YTSFlgK4yFMuMveCn/1N2aj7wlDtXGZ4nKdW3q0C5kubKzt:ruXPZVaMvz7wFkZe3qLc

    Score
    1/10
    behavioral12behavioral13

    • Target

      policy.html

    • Size

      34KB

    • MD5

      5006b2ca11128f570cb0d02c472f5c4a

    • SHA1

      4bc29748b81396285f6df954efb0d708f73025a7

    • SHA256

      efd83e19fe889b7af1ab18a31cd519e27eaf0abea42975a82f15afefb272f08b

    • SHA512

      c761233feb68832ba595a06b18a889a5a79c4f8305dad5c1616b0d88032e2569c95e0d415c9b8b7d4e2d519ef0eeae590d26ffca386cd748d1b015932093a3b6

    • SSDEEP

      384:rWnYCJu/yJMBAK/c9Yn3Y+9X01uLp3XPYsTmem6bs7OE3YZVNCmj1SYSr3QPRz:2YwKY0v9wsxfblEEnx

    Score
    1/10
    behavioral14behavioral15

    • Target

      vpnservice.html

    • Size

      12KB

    • MD5

      387c369588d9f69ecf8a300afa3129ca

    • SHA1

      c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

    • SHA256

      54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

    • SHA512

      45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

    • SSDEEP

      192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

    Score
    1/10
    behavioral16behavioral17

    • Target

      policy.html

    • Size

      34KB

    • MD5

      5006b2ca11128f570cb0d02c472f5c4a

    • SHA1

      4bc29748b81396285f6df954efb0d708f73025a7

    • SHA256

      efd83e19fe889b7af1ab18a31cd519e27eaf0abea42975a82f15afefb272f08b

    • SHA512

      c761233feb68832ba595a06b18a889a5a79c4f8305dad5c1616b0d88032e2569c95e0d415c9b8b7d4e2d519ef0eeae590d26ffca386cd748d1b015932093a3b6

    • SSDEEP

      384:rWnYCJu/yJMBAK/c9Yn3Y+9X01uLp3XPYsTmem6bs7OE3YZVNCmj1SYSr3QPRz:2YwKY0v9wsxfblEEnx

    Score
    5/10

    • Drops file in System32 directory

    behavioral18behavioral19

    • Target

      vpnservice.html

    • Size

      12KB

    • MD5

      387c369588d9f69ecf8a300afa3129ca

    • SHA1

      c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

    • SHA256

      54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

    • SHA512

      45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

    • SSDEEP

      192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

    Score
    1/10
    behavioral20behavioral21

MITRE ATT&CK Enterprise v6

Tasks