diamondfox | a6375022953679ad82fc634b471c5b9b7911b47453e8d155469f24ee20db89dc[.]bin

Resubmissions

09-04-2024 09:25

240409-ld13ysbf56 10

04-03-2021 15:00

210304-4rkckgcr1n 10

Sharing

Copy URL

Twitter E-mail

General

Target

a6375022953679ad82fc634b471c5b9b7911b47453e8d155469f24ee20db89dc.bin
Size

90KB
MD5

387fd80a5602adc3dd4b2d0197a289de
SHA1

b903356e121f997a49759b306533a7ee8880b13b
SHA256

a6375022953679ad82fc634b471c5b9b7911b47453e8d155469f24ee20db89dc
SHA512

3d8d5f437df25d23dbba75c4be7d252bdda32e84c1c55eee10877d38a178aed5beae6dbb56c1f0aa7ba9a94c020dc0705584bdc13bfe61d0af4de9cc76afa23e
SSDEEP

1536:3iRjptO0Eel2ZXU0SL2mfksXIzuUleVBq:3EVkelKXUCIkxl0q

Score

10^/10

infostealer diamondfox

Malware Config

Extracted

Family

diamondfox

http://dong7707.at/spt/gate.php

Mutex

YxgnVQE8PlVLcflLlW4ai9xmX2DERyF4

xor.plain

Signatures

DiamondFox payload 1 IoCs

Detects DiamondFox payload in file/memory.

infostealer

resource	yara_rule
sample	diamondfox

Diamondfox family
diamondfox

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6375022953679ad82fc634b471c5b9b7911b47453e8d155469f24ee20db89dc.bin

Files

a6375022953679ad82fc634b471c5b9b7911b47453e8d155469f24ee20db89dc.bin
.exe windows:4 windows x86 arch:x86

6896c381286479424e77ae2151589c5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord517
ord626
ord519
ord667
ord593
ord594
ord702
ord598
ord631
EVENT_SINK_AddRef
ord529
ord560
DllFunctionCall
ord567
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord714
ord716
ord531
ord717
ProcCallEngine
ord537
ord644
ord570
ord648
ord573
ord681
ord578
ord685
ord100
ord579
ord616
ord618
ord580

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

6896c381286479424e77ae2151589c5e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 89KB - Virtual size: 88KB

.data Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 89KB - Virtual size: 88KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 16B