MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1e2aa5d444fe7edc7021040a8a0a9c2d0cc2a2cc1c9bd92c40af2d2cd3a3324. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DiamondFox

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e1e2aa5d444fe7edc7021040a8a0a9c2d0cc2a2cc1c9bd92c40af2d2cd3a3324
SHA3-384 hash:	08561a48a6be19ebbed5c763f63daae3d5e4eb0a756e75e4586ba9e90681ac31e06b6307d3d8a6de4643e18643fe909c
SHA1 hash:	65cd01fdc5e2ed151978066eb90ae4f8bbd9c4c2
MD5 hash:	f482e9c1b442b36c96df427359fc6a1f
humanhash:	william-winner-eleven-autumn
File name:	SecuriteInfo.com.BScope.Trojan.Zbot.01439.30079
Download:	download sample
Signature	DiamondFox Create hunting rule
File size:	251'904 bytes
First seen:	2020-04-16 19:41:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	86ab2e0554744142f733772e262c3949 (2 x DiamondFox)
ssdeep	3072:N2GLmQJdOhYgoEU0Luq3EPKjRMVAYksuX0hRe:NH9zA1oEJSuMKlMeYkR0hR
Threatray	251 similar samples on MalwareBazaar
TLSH	D3349E3135D8C172FED7D67489F9EAB14A2ABC624B6451DB1BD90A3F2F243D18A30346
Reporter	SecuriteInfoCom
Tags:	DiamondFox

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Spyeye-7678977-0

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-16 18:06:12 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4hrkuxkej7t63ryccbakrifjylimykrmyhe33eweblznftj2gmsa._file

Verdict:

malicious

DiamondFox

3d569e91d2ca75b52e3baa820cf909bb86e8163fcc8a03a7d88dd37654914cd2

DiamondFox

6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822

DiamondFox

7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76

DiamondFox

9b7b27cad5100d9d7319601260c35ffb71cac9728677c17540c45689d1399479

DiamondFox

b3ded80c7b59052aef7e34aa7e3807c2afef634b11bd884377bed9682a4b9f9d

DiamondFox

c9b99232e093a959beaecf8d48616b40716fa2b9b6eaf25fed234dfe28e8f2fe

DiamondFox

ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0

DiamondFox

f568bf60419b138108940953ad0786358b89607db140c3a109f335a12f4c1b72

DiamondFox

f7cd954387c8bb7d14853752c5a02477efc296ae06481ed4367e4e322907e428

DiamondFox

+ 241 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DiamondFox

exe e1e2aa5d444fe7edc7021040a8a0a9c2d0cc2a2cc1c9bd92c40af2d2cd3a3324

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/341407/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample