MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a81accafde181c4afdc35a0c9221f12aafaf2b6b3351dde1f4cb4d7ef25355fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DiamondFox
Vendor detections: 6

SHA256 hash: a81accafde181c4afdc35a0c9221f12aafaf2b6b3351dde1f4cb4d7ef25355fc
SHA3-384 hash: 4b1ef70ac075e0d940f547e6a79b8f8ead2c95e2847a1cfc1a76562c011cae4b1c3877ec779cbcf7d0042f65ff94899e
SHA1 hash: 1a70403efc279a97c3e0f4950d51d6143de40a71
MD5 hash: f8152034e041cda8a8a13aacd63cabcf
humanhash: failed-ack-california-alpha
File name: F8152034E041CDA8A8A13AACD63CABCF.exe
Signature: DiamondFox
File size: 646'144 bytes
First seen: 2021-08-15 05:45:16 UTC
Last seen: 2021-08-15 06:38:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0f5faff0d9a42cffdcdc1bfda477ddc (2 x DiamondFox, 1 x RaccoonStealer, 1 x RedLineStealer)
ssdeep: 12288:O36SNp0mWujf19flaiR6+mgGak6H3lP3XJik0YhBhrLZ0:O3Z945+876j0KDrt0
Threatray: 7 similar samples on MalwareBazaar
TLSH: T13AD45A3155A4F866F4A50CB8A1A6E3B698386F758AD78053F2B47B3F86323C17C60537
dhash icon: 31f8ce8282c0e001 (3 x DiamondFox, 3 x AgentTesla, 2 x RedLineStealer)
Reporter: abuse_ch
Tags: DiamondFox exe


abuse_ch
DiamondFox C2:
185.53.46.25:38743

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                   ThreatFox Reference
185.53.46.25:38743    https://threatfox.abuse.ch/ioc/186188/

Intelligence


File Origin
# of uploads: 2
# of downloads: 189
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: F8152034E041CDA8A8A13AACD63CABCF.exe
Verdict: No threats detected
Analysis date: 2021-08-15 05:47:09 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Bsymem
Status: Malicious
First seen: 2021-08-12 03:51:36 UTC
AV detection: 8 of 28 (28.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: a81accafde181c4afdc35a0c9221f12aafaf2b6b3351dde1f4cb4d7ef25355fc
MD5 hash: f8152034e041cda8a8a13aacd63cabcf
SHA1 hash: 1a70403efc279a97c3e0f4950d51d6143de40a71
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments