General
Target: loader.exe
Size: 76KB
Sample: 240718-nlvl9azclg
MD5: 326c9824559847fb07129398ba61d8f6
SHA1: 4fd07eca43b61b77767256d55aab05c413713866
SHA256: d465d2029b83316e613de8adbe16ea69fb561eecabb268781e038c216a2cb421
SHA512: eb69406130c2028258475af1f992f79151e1b797918bf71d73ff8fb2b9562bdc5114033177e4c31f5a1f52f8a613e7aaa5d7bee233a2e28146fe702c29192aac
SSDEEP: 768:v7XINhXznVJ8CC1rBXdo0zekXUd3CdPJxB7mNmDZkUKMKZQbFTiKKAZTch:ShT8C+fuioHq1KEFoAS
Behavioral task: behavioral1
Sample: loader.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: loader.exe
Resource: win10v2004-20240709-en
Malware Config
(none extracted)

Targets
Target: loader.exe (same file and hashes as listed under General)
Score: 10/10
Signatures:
- DiamondFox stealer
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)