Overview

overview

10

Static

static

1

Kirbana.docx

windows11-21h2-x64

10

Resubmissions

08-10-2024 07:49

241008-jn6p3swenj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Kirbana.docx

  • Size

    203KB

  • Sample

    241008-jn6p3swenj

  • MD5

    0848cad87734eda3d07e5c1f4421df54

  • SHA1

    a3b15ddaadabbd04fb5d8e45195371830bada2ed

  • SHA256

    64b11a8ac6bde59c9d0446ef7133657080e0709ccafb2583764662150cec6b7e

  • SHA512

    a2441f2636ad9f157a3f75ce79afd2f42382326d989524988b363292648d723e957cb0bafd025852f88fc2953239ea9be65ada723d178a20c406c21a807ffc61

  • SSDEEP

    6144:0PnI1dobp1tYnkbeUmeMIHv/R7CKpybx/B0K0o94:0PI1dobp7IQeUXMwCKpybt0o+

Score
10/10
diamondfoxbotnetdiscoverypyinstallerstealer

Malware Config

Targets

    • Target

      Kirbana.docx

    • Size

      203KB

    • MD5

      0848cad87734eda3d07e5c1f4421df54

    • SHA1

      a3b15ddaadabbd04fb5d8e45195371830bada2ed

    • SHA256

      64b11a8ac6bde59c9d0446ef7133657080e0709ccafb2583764662150cec6b7e

    • SHA512

      a2441f2636ad9f157a3f75ce79afd2f42382326d989524988b363292648d723e957cb0bafd025852f88fc2953239ea9be65ada723d178a20c406c21a807ffc61

    • SSDEEP

      6144:0PnI1dobp1tYnkbeUmeMIHv/R7CKpybx/B0K0o94:0PI1dobp7IQeUXMwCKpybt0o+

    Score
    10/10
    diamondfoxbotnetdiscoverypyinstallerstealer

    • DiamondFox

      DiamondFox is a multipurpose botnet with many capabilities.

      botnetstealerdiamondfox

    • DiamondFox stealer

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks