MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddd0441cea1bede537c8d8bf7366f0edb28dac36b5d07a76729eec099dee22a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DiamondFox


Vendor detections: 3



SHA256 hash: ddd0441cea1bede537c8d8bf7366f0edb28dac36b5d07a76729eec099dee22a7
SHA3-384 hash: f5ba583a77c6b54a557f6bc79c18444a932a0e44641c552a58885bca991463c590f11994348b80577038873734a46a4c
SHA1 hash: 8dc331dc0ffe12f3456374245cae7c816887d54c
MD5 hash: 23808fd697ada6c43398f4c41a3d13a1
humanhash: paris-mockingbird-social-zulu
File name: DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.zip
Signature: DiamondFox
File size: 339'609 bytes
First seen: 2020-07-16 06:37:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:ZvcPQ6f89zdqxKRLjfueV+KRcELk8BEtOaC7/DfZnOVxUaylL02rIqN5Msy+Lp6A:QU9zdqxKd8KRc6xBEtOaGDf0URl/py+f
TLSH: D374239B895723B6DD4ECD232B92ED847BEE3652D5BA73918D27120547C0B8C1F36E04
Reporter: abuse_ch
Tags: DiamondFox, zip


abuse_ch
Malspam distributing DiamondFox:

HELO: mail.mojoka.ml
Sending IP: 45.147.162.226
From: Yumi Weng - TWTPE <admin@mojoka.ml>
Subject: DRAFT HB/L 2007106 林瑞 TO NEW DELHI S/O NO. 7383 CLOSING 07/20 正在寄送電子郵件: 林瑞-1090715-7383-SO
Attachment: DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.zip (contains "DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.scr")

DiamondFox C2:
https://libertygiove.com/lyn/gate.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-07-16 06:39:05 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DiamondFox

zip ddd0441cea1bede537c8d8bf7366f0edb28dac36b5d07a76729eec099dee22a7

(this sample)

  
Dropping: DiamondFox
Delivery method: Distributed via e-mail attachment
