MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DiamondFox

Vendor detections: 4



SHA256 hash: 6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822
SHA3-384 hash: 89f38ce66f06ba6b0d3808fcf3fec7c25fd0183703fa7209e11a864232a6aab7899a2a591260126acf4b40df81ba1e8c
SHA1 hash: f2ab1db13f07256dc06ade917f6de3cd62e5e971
MD5 hash: 142bc0af8ed2b0793ee9e973a9264a15
humanhash: kitten-paris-wolfram-salami
File name: SecuriteInfo.com.Generic.mg.142bc0af8ed2b079.23532
Signature: DiamondFox
File size: 259'072 bytes
First seen: 2020-04-17 03:34:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7ca5f38e233f51923bcbc14ad17ef80f (1 x DiamondFox)
ssdeep: 3072:/L7PqQB9uwG8P4TJpUF3oJi78w7G9vgsO0GJV16hRJUE:/f9rxqJCYJi78w7G9IFxJOhR
Threatray: 257 similar samples on MalwareBazaar
TLSH: B1449D2131D4C072E693DA7489B5C6F64B2AFC564B6051CF6BE92B3E2F31ED19A30346
Reporter: SecuriteInfoCom
Tags: DiamondFox

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-17 00:40:51 UTC
File Type: PE (Exe)
Extracted files: 24
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: DiamondFox
File: Executable exe 6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables; the findings below are header-level checks on the PE file itself, not behavioural analysis.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineA
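The three BLint findings above are all derived from the PE headers: the Authenticode check looks at the certificate table data directory, and the other two at the DllCharacteristics flags of the optional header. The script below is an added example (not MalwareBazaar's or BLint's code) that reproduces those three checks with only the Python standard library, so it can be run against the downloaded sample offline. The finding IDs are BLint's; the `build_minimal_pe` fixture is a constructed header-only image used to exercise the checks, not this sample.

```python
"""Reproduce the three BLint findings listed on this page against a PE file.

Added example, not MalwareBazaar's or BLint's code. It parses only the DOS,
COFF and optional headers with the standard library:
  CHECK_AUTHENTICODE        -> data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) has size 0
  CHECK_DLL_CHARACTERISTICS -> IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) not set
  CHECK_PIE                 -> IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) not set
"""
import struct
import sys

HIGH_ENTROPY_VA = 0x0020   # image can live in a 64-bit high-entropy ASLR range
DYNAMIC_BASE = 0x0040      # image is relocatable at load time (ASLR, "PIE" for PE)
SECURITY_DIR_INDEX = 4     # Authenticode certificate table
PE32, PE32_PLUS = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return the optional-header magic, DllCharacteristics and certificate table size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                  # IMAGE_FILE_HEADER is 20 bytes
    opt = coff + 20                      # IMAGE_OPTIONAL_HEADER starts with Magic
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32_PLUS:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32/PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_size = 0
    if ndirs > SECURITY_DIR_INDEX:
        # For the security entry, VirtualAddress is a raw file offset and Size the table length.
        _, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)
    return {"magic": magic, "dll_characteristics": dll_characteristics, "cert_size": cert_size}


def pe_findings(data: bytes) -> list:
    """Return BLint-style finding IDs, in the order the page lists them."""
    info = parse_pe(data)
    findings = []
    if info["cert_size"] == 0:
        findings.append("CHECK_AUTHENTICODE")
    if not info["dll_characteristics"] & HIGH_ENTROPY_VA:
        findings.append("CHECK_DLL_CHARACTERISTICS")
    if not info["dll_characteristics"] & DYNAMIC_BASE:
        findings.append("CHECK_PIE")
    return findings


def build_minimal_pe(dll_characteristics: int, cert_size: int) -> bytes:
    """Constructed fixture: a header-only PE32 image with 16 data directories and no sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                             # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x0102)   # i386, 224-byte optional header
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, PE32)
    struct.pack_into("<H", opt, 68, 2)                                 # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    if cert_size:
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR_INDEX, 0x1000, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(dirs)


if __name__ == "__main__":
    if len(sys.argv) > 1:                  # e.g. the sample downloaded from this entry
        with open(sys.argv[1], "rb") as fh:
            print(pe_findings(fh.read()))
    else:
        print("unhardened:", pe_findings(build_minimal_pe(0, 0)))
        print("hardened:  ", pe_findings(build_minimal_pe(HIGH_ENTROPY_VA | DYNAMIC_BASE, 0x2000)))
```

Two caveats when reading these findings. A non-zero certificate table only shows that a signature blob is present; it says nothing about whether the signature verifies or who signed it, and malware is routinely shipped with valid or stolen signatures, so treat CHECK_AUTHENTICODE as a hygiene indicator, not a verdict. HIGH_ENTROPY_VA only has an effect on 64-bit (PE32+) images; for a 32-bit PE32 image the flag is not applicable, so check the magic returned by `parse_pe` before giving that finding much weight.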
