MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f771b277221c7b1f569e44b18537b50f406f236412f57e04a9a5cc54f072e519. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
DiamondFox
Vendor detections: 4
| SHA256 hash: | f771b277221c7b1f569e44b18537b50f406f236412f57e04a9a5cc54f072e519 |
|---|---|
| SHA3-384 hash: | 68e3284a22ab65817c310d480e887467ed720f9f3f19265b49582b94aedb980855e3017ddd9e2e1864d946541b903459 |
| SHA1 hash: | ca47292b04a271bc7dbb09cf8bb966eaa478783d |
| MD5 hash: | 72bb8e802c14c18dc8822db3b15d6e38 |
| humanhash: | bluebird-double-william-vegan |
| File name: | DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.scr |
| Download: | download sample |
| Signature | DiamondFox |
| File size: | 587'264 bytes |
| First seen: | 2020-07-16 06:37:21 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 9f24c32fbb9fcdef16773efcde23b409 (3 x AgentTesla, 2 x NanoCore, 1 x QuasarRAT) |
| ssdeep | 12288:M1bl3SKiQ9X5M1EL6GgmV5hT82Hnb6tYllm2t6FA7WUY:GVoQ9EWe23Q0b6tYWu7G |
| Threatray | 1'879 similar samples on MalwareBazaar |
| TLSH | 6BC49E2EF2AC0477D17316789C3B9778A83ABE1039285D876BE55C4C6F39341396B293 |
| Reporter |  abuse_ch |
| Tags: | DiamondFox scr |
abuse_ch
Malspam distributing DiamondFox:HELO: mail.mojoka.ml
Sending IP: 45.147.162.226
From: Yumi Weng - TWTPE <admin@mojoka.ml>
Subject: DRAFT HB/L 2007106 林瑞 TO NEW DELHI S/O NO. 7383 CLOSING 07/20 正在寄送電子郵件: 林瑞-1090715-7383-SO
Attachment: DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.zip (contains "DRAFT HBL 2007106 林瑞 TO NEW DELHI SO NO. 7383 CLOSING 07-20 正在寄送電子郵件 林瑞-1090715-7383-SO.scr")
DiamondFox C2:
https://libertygiove.com/lyn/gate.php
Intelligence
File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Launching a process
Creating a process with a hidden window
Creating a file
Creating a process from a recently created file
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-07-16 04:40:48 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
suspicious
Similar samples:
+ 1'869 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Program crash
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Loads dropped DLL
Drops startup file
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.