Overview

overview

10

Static

static

3

53b5d03977...ce.exe

windows7-x64

10

53b5d03977...ce.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53b5d0397777ff7b544a1f75739588fe449a2d6d2f4d4f4bb4d51228caa060ce.zip

  • Size

    133KB

  • Sample

    230828-lxdrrshh69

  • MD5

    6b2e4f5b4ddcbeced5a39669a77fc649

  • SHA1

    a7783f0f45aebebd57d85de3e0fa608f812085e6

  • SHA256

    2622cd891ff6151e1c9bb5af31b691c6e91d58d30e2d0446ecd9aabbb0f12d0d

  • SHA512

    0c74dacd5f7ca210bd7bc7a6c9e360bb559b39dfb3124f7216f681b93be7addef1ca166ad6334b50f8aff4aa033c20cd440b6487215d8391f416686ba00fab5b

  • SSDEEP

    3072:7kJtGjKopaf3GC5vdmgmNw6xriCH9rVbQ9XOqnEwh:7kypaf3GbNw+i01+XDEwh

Score
10/10
diamondfoxbotnetevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      53b5d0397777ff7b544a1f75739588fe449a2d6d2f4d4f4bb4d51228caa060ce

    • Size

      220KB

    • MD5

      b856ee00318bbdbafcc4895350424456

    • SHA1

      e06f26b9f4fe365b85b3ae3b6f0fb4ca3425d98d

    • SHA256

      53b5d0397777ff7b544a1f75739588fe449a2d6d2f4d4f4bb4d51228caa060ce

    • SHA512

      4a355ccd050e6842eb5baac108e3253ce259a8148b06e0b7e1ed21ae8da0ab396b9241072f4c17501545b33ccfdae7b7f0a881ee2ac4fce6c68fdf48047abec0

    • SSDEEP

      3072:FFlJl9SroIZsF6RBvM+56h2NfF0kz2rx2OZ4tAHTaXZZAfr9QL2Kj8rzvn:rx9EZF1M+ch2hF8rNZOAH+ZAfrK2a83

    Score
    10/10
    diamondfoxbotnetevasionpersistencespywarestealertrojan

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Modify Registry

6
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks