MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bac6740d34d98de0a9ac41fcdcfd45d58f6617efb7b6aca2fc6555ca95a1fd6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DiamondFox

Vendor detections: 3



SHA256 hash: bac6740d34d98de0a9ac41fcdcfd45d58f6617efb7b6aca2fc6555ca95a1fd6d
SHA3-384 hash: 5138457c2a2611f1969b5737cf9b86ba70aa07beb0e6f80e39257f5963677130e30857120f38ecfdd75365791c5d49d8
SHA1 hash: 9cbc4fe2a5ef4f39d3ddf9fc13ef25306231f866
MD5 hash: a90fe76c1c060b6bbe322566ca953064
humanhash: maryland-arkansas-california-ohio
File name: SecuriteInfo.com.generic.ml.24907
Signature: DiamondFox
File size: 174'080 bytes
First seen: 2020-03-28 11:00:44 UTC
Last seen: 2020-05-06 17:17:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8f01766420101b0f9c115247c882e767 (1 x DiamondFox)
ssdeep: 3072:ecW5HZTTBQJ1+qYpQltjb19GGnJLnDrZZUCR0RA:vcXQJ1+jpAtjb1zJLPUC
TLSH: 5D042A0BB3E308FDC657913582E7E732A531F0151328BE2E1AA4DF332D65C645B6E968
Reporter: SecuriteInfoCom
Tags: DiamondFox

Intelligence


File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win64.Trojan.Kapers
Status: Malicious
First seen: 2020-03-28 09:34:08 UTC
File Type: PE+ (Exe)
AV detection: 21 of 31 (67.74%)
Threat level: 2/5
Verdict: suspicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Malware family: DiamondFox
File: Executable exe bac6740d34d98de0a9ac41fcdcfd45d58f6617efb7b6aca2fc6555ca95a1fd6d (this sample)
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                  | Title                                                     | Severity
CHECK_AUTHENTICODE  | Missing Authenticode                                      | high
CHECK_NX            | Missing Non-Executable Memory Protection                  | critical
CHECK_PIE           | Missing Position-Independent Executable (PIE) Protection  | high

Reviews

ID                 | Capabilities                    | Evidence
GDI_PLUS_API       | Interfaces with Graphics        | gdiplus.dll::GdiplusStartup, gdiplus.dll::GdiplusShutdown, gdiplus.dll::GdipGetImageEncoders, gdiplus.dll::GdipGetImageEncodersSize, gdiplus.dll::GdipAlloc
WIN32_PROCESS_API  | Can Create Process and Threads  | KERNEL32.dll::CloseHandle, WININET.dll::InternetCloseHandle
WIN_BASE_API       | Uses Win Base API               | KERNEL32.dll::TerminateProcess, KERNEL32.dll::GetStartupInfoA
WIN_BASE_IO_API    | Can Create Files                | KERNEL32.dll::DeleteFileA

Comments