Overview

overview

10

Static

static

1

Telegram.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Telegram.lnk

  • Size

    1KB

  • Sample

    240716-zhw7fssclf

  • MD5

    f41af6e5d14c7c68a9a3093d709579a6

  • SHA1

    ee2548e831fb3a16f980c16992acfc4411afa1a5

  • SHA256

    85e3c92814e9abdbf40c9161e51fe7b141eba071e3419da242c7b9608ee6f81d

  • SHA512

    afc297dfbd93f7a33222bca486bc7cf87feb73156ecdb1c9ec85a4c6b6d9aac83583c68727a01178adf792e6a0c30e5d9c58a924cf275f5f9578613754866d0e

Score
10/10
diamondfoxbotnetdiscoveryinfostealerstealer

Malware Config

Targets

    • Target

      Telegram.lnk

    • Size

      1KB

    • MD5

      f41af6e5d14c7c68a9a3093d709579a6

    • SHA1

      ee2548e831fb3a16f980c16992acfc4411afa1a5

    • SHA256

      85e3c92814e9abdbf40c9161e51fe7b141eba071e3419da242c7b9608ee6f81d

    • SHA512

      afc297dfbd93f7a33222bca486bc7cf87feb73156ecdb1c9ec85a4c6b6d9aac83583c68727a01178adf792e6a0c30e5d9c58a924cf275f5f9578613754866d0e

    Score
    10/10
    diamondfoxbotnetdiscoveryinfostealerstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox payload

      Detects DiamondFox payload in file/memory.

      infostealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks