diamondfox | 38bb9077def7aca1ecb5c0fab00e96dc0c41543b6e6d6541295687f2bcaac1a0 | Triage

Submit
Reports

Overview

overview

Static

static

1

Zui-Setup-1.3.0.exe

windows10-1703-x64

Zui-Setup-1.3.0.exe

windows10-2004-x64

Sharing

General

Target

Zui-Setup-1.3.0.exe
Size

137.6MB
Sample

231002-pnyx5aag8s
MD5

0dbedea49c97ceb36fe82f6b9330a4be
SHA1

be892e61af06d74de7461b26cbed4ecf7f4c1c24
SHA256

38bb9077def7aca1ecb5c0fab00e96dc0c41543b6e6d6541295687f2bcaac1a0
SHA512

d76fcbb20fc8c871fb9ac0b5afa20346473f918f97ef2b8e15767af9f45d42833e84f5d0dfa751c1a0018f699df8ec0cc96f4ad1eaf4c403e85072edddf50572
SSDEEP

3145728:DG3pqx3VJ7Y2LJPc2nX/IhLDKjv8/LZ/HN2hqL66A9:yZqxlJVNjXgh/mOt/t2ha/4

Score

10^/10

diamondfox evilnum snakekeylogger botnet discovery infostealer keylogger pyinstaller stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Zui-Setup-1.3.0.exe

Resource

win10-20230915-en

diamondfox evilnum snakekeylogger botnet discovery infostealer keylogger pyinstaller stealer trojan

windows10-1703-x64

19 signatures

600 seconds

Behavioral task

behavioral2

Sample

Zui-Setup-1.3.0.exe

Resource

win10v2004-20230915-en

diamondfox evilnum snakekeylogger botnet discovery infostealer keylogger pyinstaller stealer trojan

windows10-2004-x64

20 signatures

600 seconds

Malware Config

Targets

- Target
  
  Zui-Setup-1.3.0.exe
- Size
  
  137.6MB
- MD5
  
  0dbedea49c97ceb36fe82f6b9330a4be
- SHA1
  
  be892e61af06d74de7461b26cbed4ecf7f4c1c24
- SHA256
  
  38bb9077def7aca1ecb5c0fab00e96dc0c41543b6e6d6541295687f2bcaac1a0
- SHA512
  
  d76fcbb20fc8c871fb9ac0b5afa20346473f918f97ef2b8e15767af9f45d42833e84f5d0dfa751c1a0018f699df8ec0cc96f4ad1eaf4c403e85072edddf50572
- SSDEEP
  
  3145728:DG3pqx3VJ7Y2LJPc2nX/IhLDKjv8/LZ/HN2hqL66A9:yZqxlJVNjXgh/mOt/t2ha/4
Score

10^/10

diamondfox evilnum snakekeylogger botnet discovery infostealer keylogger pyinstaller stealer trojan
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- EvilNum C# Component
- Evilnum
  A malware family with multiple components distributed through LNK files.
  trojan evilnum
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
  infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

diamondfoxevilnumsnakekeyloggerbotnetdiscoveryinfostealerkeyloggerpyinstallerstealertrojan

behavioral2

diamondfoxevilnumsnakekeyloggerbotnetdiscoveryinfostealerkeyloggerpyinstallerstealertrojan

© 2018-2024

Terms | Privacy