diamondfox | cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb

Analysis

max time kernel
2763600s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24-12-2023 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb.apk
Size

5.4MB
MD5

f150e5b51f7d33b2350e236fb3ab5ff1
SHA1

e0f569e935a4c8c0238ad170824bf2b21a65b63a
SHA256

cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb
SHA512

8eb4505a0ab64270802546285095de5aab979a0a7ba47850221f6827db2d4930ac3185d95c7c993c16321fd5b7c4711aceb8addb1cca627fb3e183e5a29a27b8
SSDEEP

98304:VoXm4EjEm7H+dXPgGvpfyfrl6yTL+pfOUxDY00/SCEIzczRZvpiBdf/piVA5tvgG:VoXegm7UvpoaDYLCvp+DiyfgAN

Score

10^/10

diamondfox botnet evasion stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox stealer 1 IoCs

Processes:

resource	yara_rule
behavioral3/files/fstream-32.dat	diamondfox_stealer

Acquires the wake lock 1 IoCs

Processes:

com.protectstar.antivirus

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.protectstar.antivirus

Checks the presence of a debugger
evasion

com.protectstar.antivirus
1⤵
- Acquires the wake lock
PID:4618

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
737B

MD5
3612d0855f0a21a915b1f28219628c1d

SHA1
b451c62a763155e7c048741f8a2b59d316d92cde

SHA256
66aa8d119f2406e0a969cde42345ada6da11f84692d528cb03206bdeac21274f

SHA512
2f85e36832d05a4a9ba4f9beb464ba6ea87ac034e667331f6494bf937154cd9923e072dd6991b94e9ad66b548a79146940d73c174f3af27d22e4f4b89a47451a

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
116KB

MD5
7cc3b40c8f95c0e095104e683f5e1260

SHA1
b3537b2076bc86a4e1fe15d0904ae512f026fac9

SHA256
a193648f0fe3d9f0b6760b3dc10e071fb3813ebf6954087a522163af85801c9b

SHA512
b28df78ab1cc1b54220fb2a579786e9ae8f4cc3e7df0d31745525021ab20758531f518116bbf94992ebba95dedec84a85baf18086b07c176bb1efbe5882693c2

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
737B

MD5
6fac00fc225fbcd1e8fd9d3cff885b7e

SHA1
93906e27b74e960fb504e7f08d5ac4e3b3805c03

SHA256
889b8af9038cf4efdf329b3085e9357a6c0226a8dd61970488fdf4ba866ed242

SHA512
f9829cfe340d4be72dfe278644755caf324506f67d174b98986d6a4afe4fb745ba2680f090237c5dc8faa81170a5c36c4b0c30aa7263a8ba011fac85570ccaa7

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
759B

MD5
203fe4f15dbacf34c0cc923b83255ee1

SHA1
706ef1fd8fc0d6c70bc3f49d7ed33383f60706b9

SHA256
0cf7083a8a109acaa08c09a7e568d7dc0f3cf1742ebb3c91ef5cf36a8054c1e4

SHA512
94f60035a45105c957804c0e7a50bb665f858753ddcaddca95558008f26f26fdf503620548cbf1d4037696ee9a62d90cecdac6c2aede4f9abd288b752578462d

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
254KB

MD5
9757e07f0b0879e33eaf54b64616cc1a

SHA1
5649f8cc2201163f1015a3a55b0ff614cda4a02f

SHA256
017202155ad8f14a2056b9ca5387121f793213bba2dd1ce4cf2729573f015649

SHA512
2e1255bb4cc2825092c1fdfbd0c1199b18155763bc132f4a2602167f5361e548cdb279d2b7c169bff70111283d3272d2d5730485767147352df70245c4c43015

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
6124476e417c89fa34d665b34f711da7

SHA1
fc681e152cb5433a968807caa9214d8d6b91d985

SHA256
f378700a1a609f6ff0dd06b4a1ebcf52804127000dbc2260009da6ff0b7dd2d7

SHA512
1199fa6ba82f67c3ed8fc4ab965679c418d656eaba7d5994b0624252cd9a8d18320e4a8e05cf0bb7281d23deb34e5ad390eb8f874e24eaba256b5460ea6b08a9

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
6b305506399f007a48afa2bd771896ed

SHA1
aa2a3114f538f73d2062716bc7a74640f23e3362

SHA256
c17a6979201d9eb4faca9ef9f35c41b17dcbed6a6e017ac69fec13c741b7c8e5

SHA512
9c3b97916a613ae970fe4a5da44d708dc1e408ee03cfff0d548865927e933243a1490c74b0d005db025f7661a394072e0c8e8ce0f17f65d765938f09c3e86e01

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
24a9cf1a778a0751d5bc7e371f0f5c86

SHA1
e1f6ca99e8733b1d0912dbd9551371af8e88f18a

SHA256
26b51f75d877572a3e435f89e2ec38a74eceb2e9dae9ba0f9dd8cf063deb59f9

SHA512
e6712910e9e18610a0d30e87563c3c84caceb5c61dfe23c8e0d54b3312720bc9b2114b3a539ec9c65839626aac030799fb9cfc5ccf9a3d47ccbfbe99210d8252

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
18acd1c8ac74d203b13463194a4424e1

SHA1
87726245d312fa976de98762530db240c2eea1cf

SHA256
330d9bcd828b922d11e6b6b54e27878558b6a71c1cc9ea0721c2c54d529e2a0d

SHA512
c70323b408e4b3bf9f74c4a3caedc65e8cc3c783c1251be06683adc71021bf19938c389c76b964e6733ee83f8c1bd6427373e70782d21b8ba3906580e632d83e

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d6a565324cb867f06c8dc0b6b80239b1

SHA1
b1b9aa2ab0d8bad707315e81604d0c9aa7a1a3c6

SHA256
45bb31669fe656e024b8492dec067efc9715f0423ef456e29a0d3fad6061723c

SHA512
31c25c6c37d674dfc73aae25e7c09954a4eb6458c0d3f0fd8cb2785fb8c7162a9a3a05b69311b16aeca63c90053d736c2db701bf29fe19c4d95780d4efcdc543

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0a4d0868a6ef3c0229846d13ebaab160

SHA1
ff59a07be1cdb61ad286a8a7b6e9ac7be76a4a76

SHA256
6771e369f68e08e86e15d49163025d9ef496495cbf502e977d13140eef86dd23

SHA512
7e5822d04dd3062ba873e16139aff90301c2175b227061b05475a37e96fd19b38d26e17cc206e72042237730c30d7e81b9c7b0f317ef9bdb4273346ecf74da14

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a09df6eb025f88829a92a6b30f056f51

SHA1
4df38cb8a194f48ebfd7acce3e649bc9fea38f95

SHA256
ef8d918f54ab00be8c0b523ab4a9eca91bf74c0322d1960d20ac48dffaf37633

SHA512
80acb5e38392c818d989e4cc95032a1cb0de1b2ccfcdb3c5e4d471162e922ea090b0126dd76772c7e4c71951cbb1533824e95bbee9495e0b09a01c7ef719b411

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ed1a1c7c06c385e626919f90a4f21b35

SHA1
2d927d0c7b85a898bed7988ef6bfc95d8b55cf26

SHA256
5cb59772af63973b2f89faa7736437504876bcc1cd5a30774b22d27b805e0974

SHA512
faa4b8d702f63f0238a36494d4de339a764f74f61997705280910f51634b4b0286312b3c91fe87c9daff0964ebfd7fdc9c851f31008ffa79c5609201f6b67a52

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dc39d23075ea22cd25de1d0a68afe61e

SHA1
2ccfdc7204c475c0abde9fac5c202e73d0595c6e

SHA256
8b4f5a2e350a6c2dd7f8eac97844e6213fba12a32210bc525327013407488008

SHA512
c2737782ff294a0e48dbc4e4cc23030cd9e4af7b7f96655561f0d5545be76cd11cd514e1013ca5c523defc35d1dad4ed23f8480e288e097fec15d1ea94228cc4

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ecd7dc4715509398ed6f3a8aee09b286

SHA1
d5d22017e73cfefc95681c0fddae1b48a67ce296

SHA256
45f74e654ad85e2b8451faf95769c375f3285a4a823a137cadbab4d2fd8bbd64

SHA512
fe6458fba94e85435d34d3f15684a5f59b9424c30947cc9bbfc181f2c5cef82ae93ba3f21550d943ea60ec1ee79fbce68dea64398027a1ace4e34f7f2353e1d3

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
96c97542c6cd8ffa7d6e17cb7ac302d6

SHA1
bdcf08fe94ebd04e447c69d6f7db6cf4cdd20e7d

SHA256
25af9fd7be8c86d65406720be06afdebf793499c561d913f7c8a9ae5869877a7

SHA512
5030805f0b022da45e6bb2ef792bfd3f2bc2a18ef2e6ef57f540a6c1a20647c3d4da6e5f344962c34407fea063a398a31bd304e4c4de4f8a2e874b0dd41baba6

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7d8dcba3da0617697b0845e646843fa2

SHA1
28d0278b0f09195b798f968655c65b3ae53a2e82

SHA256
b905da416c9f6df5c50059ad6d791764c488c527cda528808db61541572ea127

SHA512
3df10150362487720cf6ffcb2702d93266512334eca520dc7cf00c15a604b8dc13b6f5e7ec752e4459dedc685ab10db651fa51418c53fb9ddd7a47d251ac693d

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b3aad6040c2145808afb671522ed6004

SHA1
dee27c7563f54d05e66e9364c2154818c078557d

SHA256
8e7b8deb66142f725f80244b77f45dbc187ac849e9e2857def7be5332f0c3dfd

SHA512
487a32d8740e30d884e0558a855d2558566c444945b4bc1247f05aafb48d6222b5b2d1cc169e7048ee68f371561b9804b293ba657f67bf017cf10dcd9205da3b

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0dda7eede0440476d7eae0d36fc862cc

SHA1
f2a3ad4e1ce9cb2fb0a5dec247c53e1c8836f3be

SHA256
5869065621e5eb1bc8531aec73ab6eb3704455939852cb037a4e2d8ee4fe8b46

SHA512
de11889baf1f12cac2749d76569b379a5f46d756f9236a9ea17254464c32e79d5549268a5d09c85adb969a3d50cc7bc20f60ae7e37db15be1811429d371f79b2

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2bc53acc0302d831007bce7863827f32

SHA1
28ff02cfaf329c95cc5b06549c604e373513e7a8

SHA256
9060d031bfb51d61005aed71cacd12ddade2c0407559f2be2b56786ecfa75420

SHA512
5a9bd3b0ca2f646ba8f67727790b4fe6ed7ea9896edb841838b7b008242946aa8ba3debb87737e9a31948759a562c4fdef02753596dcab7d54550f302cb6720a

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
32dd61f7fd16c2db5cad2a7b343c27ff

SHA1
f82d8a8ffba123e90270404828e01f09b734969e

SHA256
38603544ab9e3813ed699a7795057c709218f47af78f55b2a7165306fafbfea7

SHA512
79c19fabd96eb41529029359c9844e19b418bece5ed8f09f3bf97626baea5fb3ff6918ed7a5a968696cf2f07d7f7ac0cb31fcdf3e52805946007f0637f5165a2

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
753215208fb9327baca49efd94877877

SHA1
c686d8894222480698b333de7dd348a486300fe8

SHA256
9f8e0b054ea8bfd847c09d9efb5efad35344c98af6f0fc1046a5981e4578aa1b

SHA512
0302b350237b99cda267696ba0c32129f7bbfb2bdfb35c32f86634ee384301c933211bfc23b862175160d5f7b13d54e69763dfefbe1e8376341a058a794f6fe2

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658A6C850104-0001-120A-126605C80648BeginSession.cls_temp

Filesize
75B

MD5
6f1540538aaf4fe347190cb60fd91485

SHA1
d21a29b00244a06efbceada580feb518a4467cee

SHA256
8733c6cb91c7e7ad59ca0e99a184adfb0dfbd34b847259532e156ef2dbe43c9a

SHA512
b17751586de5434ebfac4e3a2204443343bf9b2fe4bc1f545e43b3e8c3d6eb4ec3f356dc2aeb14ee2cbbeb024a23d99e80386c0f6cf8742d58e62d7f081792a2

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658A6C850104-0001-120A-126605C80648SessionApp.cls_temp

Filesize
78B

MD5
e037a6d0d529efd0cb0a4120948066a8

SHA1
23f948718ceda1218f02289c9e218e3f002724e1

SHA256
c5108f0207d7a648c3efa0e7f9efa6291d69aa321f7f1d2212208c6f13107e24

SHA512
b53bb503453a7422b443ced486ef2589f17c107293f31ef4e05939dcaeef5fc02bfcf433c60d3c7896c17e5792cdf76ef9ceaf3c30b9f24c7449a7d2880ec9fc

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658A6C850104-0001-120A-126605C80648SessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658A6C850104-0001-120A-126605C80648SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
720B

MD5
204c0432052ec42be41e628ce4c27123

SHA1
ec5a52cf20d2f1fa49ff363f720d41ab2bddb5a9

SHA256
6fa14d0740eb45d75553a291e3513cc8bd8c6e40d458ad61e612a52e28682b6e

SHA512
e72d1c7d7764d691860f5a3d9ab3c154ba1b3ff28924afe087adc2ef75af060acfc21126708f744504eed8d4f99ac6013332361bc0d2ca33a1bf14c29e000f6d

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-658A6C850104-0001-120A-126605C80648.temp

Filesize
88B

MD5
9a442ce542e96fdf1362176f8d554de3

SHA1
34d6b8a79465ebe434758cc06abb37c814c09164

SHA256
4cacc79e2613e0e48b1291a5599f2571050bc5e2665dda08b2c64da0c08fc3f0

SHA512
f3898bc29bef16b2d5567b01f10eebf3e68ab5a92feb874266779467107689bdf38011499f61371021293c365fb2aec410c299b446810181f415ff34ca3dbe3c

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-658A6C850104-0001-120A-126605C80648.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/report-persistence/sessions/658A6C8501040001120A126605C80648/report

Filesize
754B

MD5
5ec76d07b799e3c3b8ebf61080638e8f

SHA1
3691541c15e1e3125aa44036a26a5c9bdb38fd5f

SHA256
b5bfa89469d6cc1928aaa67deb0452e37d8b338d346139460d1927eb08a32910

SHA512
7083fcb536bd272310827d49e52c054b2a1c1eee6f352f7586a7027487772b82c0f122b986fa647726b240b402109c8022b13209e02b2a5ab0d7598897ee0989

Download Submit
/data/data/com.protectstar.antivirus/files/PersistedInstallation267208791260056445tmp

Filesize
90B

MD5
b975951fd7ab80d78a4fb9d16bf109c7

SHA1
7d4a9780a3940612b0d1cdcd789a27f0ac443965

SHA256
61245d6de37b19262293ef1462684105a44599d0c4289836d127f3f20f69c0e8

SHA512
a7673fc18b9f5d637cfea40126869c3885305feba96fb5ec9fb82d917585d805bea77ccb9831e38d862ac702396328afa49eb576b7b6ef25f964b64cfa1e56ea

Download Submit
/data/data/com.protectstar.antivirus/files/PersistedInstallation6834691441872908916tmp

Filesize
569B

MD5
034955e99caa53a551ce5121b093a4bf

SHA1
8b4b27f9c73425f68c066b67699dafaf2ff4af87

SHA256
5bdf71f8f047b4cb865febf92c3f1f68f3aaa2d3442e02e0b09f1d87947b7f67

SHA512
21af6ef602d8755b9a53212befbe5d3846040485a060b44d8fe42aa612c2cd696934673c88d10d6b9adf70f19b0a38083d08bde63ac3e7e9f04ab2e66efd782d

Download Submit