Overview

overview

10

Static

static

10

diamondfox_2.exe

windows7-x64

10

diamondfox_2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    diamondfox_2.exe

  • Size

    203KB

  • Sample

    240212-e6qpcsab5v

  • MD5

    edcbd21bcf32c01e132b51ab1c92a532

  • SHA1

    205e23b68a25e20651b459523b2c8a2ebaac022f

  • SHA256

    06e55f0700b583a63f0778201bf4f1ac352966f9c4fa47b5bbd7f39c08b68b79

  • SHA512

    35c767a8022bab81879d51b0d6731176555fbd6a3ce00d69826a059d15131fa1a9230b706f866f7759a3b646fb1a404fa2197ff7dba5dc35a898216cb5f6a9c3

  • SSDEEP

    6144:SnSNM0tFUkfgEYxE91e/QkqCh+FjvTBiL+:SSN3zgpxooF3h+FjvToa

Score
10/10
diamondfoxbotnetinfostealerstealer

Malware Config

Targets

    • Target

      diamondfox_2.exe

    • Size

      203KB

    • MD5

      edcbd21bcf32c01e132b51ab1c92a532

    • SHA1

      205e23b68a25e20651b459523b2c8a2ebaac022f

    • SHA256

      06e55f0700b583a63f0778201bf4f1ac352966f9c4fa47b5bbd7f39c08b68b79

    • SHA512

      35c767a8022bab81879d51b0d6731176555fbd6a3ce00d69826a059d15131fa1a9230b706f866f7759a3b646fb1a404fa2197ff7dba5dc35a898216cb5f6a9c3

    • SSDEEP

      6144:SnSNM0tFUkfgEYxE91e/QkqCh+FjvTBiL+:SSN3zgpxooF3h+FjvToa

    Score
    10/10
    diamondfoxbotnetinfostealerstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

      infostealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks