MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DiamondFox

Vendor detections: 7

Intelligence 7 IOCs 1 YARA File information Comments

SHA256 hash:	e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de
SHA3-384 hash:	42852d2d5884072ca99e02b5d38eeac8f317b0136d82729ec4fe4cfff915b7ff8899f67f4ca4d6286a4674433b2db17f
SHA1 hash:	78bbe7d94bc5f3f3f7fa61c547aba86882d0af55
MD5 hash:	e425990e2dfd772af2eb898b2bd04bd5
humanhash:	sixteen-moon-twelve-utah
File name:	E425990E2DFD772AF2EB898B2BD04BD5.exe
Download:	download sample
Signature	DiamondFox Create hunting rule
File size:	5'754'470 bytes
First seen:	2021-09-06 22:06:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	32569d67dc210c5cb9a759b08da2bdb3 (122 x RedLineStealer, 42 x DiamondFox, 37 x RaccoonStealer)
ssdeep	98304:xfrRBIZXtvu4BmcHzF6dU98xmkFILPlKDtjZNlh8/zTNX+FB+pr5HWCY9Wr/G:xfrRqZXjmWmtxmkSLPkDXN0Tp+Fur5lk
Threatray	514 similar samples on MalwareBazaar
TLSH	T1AC463365BDFA64BBD1A20070F63C6BB262F0474809510CEB47448B6E3FF8785B97DA49
dhash icon	848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter	abuse_ch
Tags:	DiamondFox exe

abuse_ch

DiamondFox C2:
http://45.142.215.237/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://45.142.215.237/	https://threatfox.abuse.ch/ioc/216755/

Intelligence

File Origin

# of uploads :

# of downloads :

170

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

E425990E2DFD772AF2EB898B2BD04BD5.exe

Verdict:

No threats detected

Analysis date:

2021-09-06 22:35:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d775cdc5-5ac0-4d87-8c30-889ceab5d289

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/185740/

Detection(s):

Win.Packed.Jaik-9863991-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a process from a recently created file

Searching for the window

Creating a file

Deleting a recently created file

Running batch commands

Connection attempt

Sending a custom TCP request

DNS request

Sending an HTTP GET request

Launching a process

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/154cd03a-1094-41a4-8ecb-a6d6f4716cc5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-09-02 11:03:54 UTC

AV detection:

13 of 28 (46.43%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4y7t57aumlyfifuztdm33n7fwlfazn4lhe7jpceaiwewkrzpo3pa._file

Verdict:

malicious

DiamondFox

3b15547e53d7254ec42974dc5a1d7b72cffd722a41114944b5606a845be7b76d

DiamondFox

6bd2d5f2630ce91d3d93d5a686d0ea381b6efa2b25d0dbd0f509a17f7ed3788d

DiamondFox

96b3a6f88bebb213230bd38f95804466296c238e0774861ceec6ad4424dcfb45

DiamondFox

9cf8a802217928175088777f3f886dde3cba71c0a5c427ed169e24581e1c7a9b

DiamondFox

a8d8a6f9478a60a05d3b8c57a616da20c83b99bc7877c46163fcd126bbb25409

DiamondFox

d2d90f02ccd7c3fd1b46d667081529a1af8172e4a51feda461c8d250081c3548

DiamondFox

f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be

DiamondFox

+ 504 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

aspackv2

Link:

https://tria.ge/reports/210906-11m7yaefhr/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Loads dropped DLL

ASPack v2.12-2.42

Executes dropped EXE

Unpacked files

SH256 hash:

5f463952815ce4f763e9f4b3b72ed70ad82f74a69a271fc2b1588055c3fec4cc

MD5 hash:

21775ff041e7277d87aa8fdf1e09da6c

SHA1 hash:

6dd1d6716cb93adef6c9b39490a79e77fd5396c9

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

5b32329ce4a78303faf21a982e8ad46513fc9a9b060ea8326d69d72b09d199df

MD5 hash:

d38ee68e93f14fcc0ea2d68aeb88a19a

SHA1 hash:

2519d77c92429ce325d30eb592ed28b903170571

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4

MD5 hash:

0dedd909aae9aa0a89b4422106310e9e

SHA1 hash:

271d36afa5b729ee590cf8066166ca5e9c9d0340

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

3a82d7283a7d129ed2472a4a05f4c6482b8f399d513131de8fab3b8fc43dc3bc

MD5 hash:

4c48b9d4bacd286de91f6987c7438943

SHA1 hash:

f9c47969c194c0f4bed06b89cd9394bca8166685

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

bd642dfc87e417b58528c59165a12df89c3b19d170e91167b5c04e8e6d875bbe

MD5 hash:

6d506f041c46f9934dded0973caa97f0

SHA1 hash:

f48911495d61a7072c353202134a0321f9a1bef8

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

498944efaa6db3367630d509c70e0c38dbd6a4866aff12c74b4fad11be8457d0

MD5 hash:

a483f99dbd6e0736b1633ff974f8cabf

SHA1 hash:

e215abd888bddf7f9a60c676ff6bce1f3be443d9

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

c6b27043e32354f111a6080ca0e96b8fa0a334f92b538cdfc8dc297380479d08

MD5 hash:

10c90ba5a47c8c640e814a37f5901a9e

SHA1 hash:

de2b4ac96d10e59b0abe48c660b6d74dcdbe2f50

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

606d3d9365f40fee12e9fc577ae5bf4cd42d502f4758320cdab01b53a7e0d4b8

MD5 hash:

51894ed4e7fec456b08027e2e6620386

SHA1 hash:

bbffdd90f9a5644086006734e03c15ac28db1ae9

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

fbffb84931a267fab6c24cf08723fa029cb85c2315f01d5b1f41922350adb831

MD5 hash:

052270e8e9cfb3512932e0df484caef4

SHA1 hash:

85305fee690beea8458bab5d55d0368c47340501

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

96aebb504a87e240a46e3e6b0cdfbaf6fc1e846e22a6fc2393c45c3208184f6c

MD5 hash:

d2c1d7aae1a68dfc796d0740a341740b

SHA1 hash:

400e51592995edb266d84b0c7db1f41fdb3dc342

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

f790dfc4d9464969dc9ad110f567082e54c3235840752738e7eade75545d1692

MD5 hash:

1febc921439aa09d76eae06b4dec04d7

SHA1 hash:

1e165d6a13e0a102902222c13f46332d7ffee4c4

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

61c5fcaa49f0d49c151aed1076625455a245150942dd292a29182d8ca1ce6bfc

MD5 hash:

b00957824ab7790185ec07c6e6face35

SHA1 hash:

1107b6a89474fe310fcdd0589a628a06eef5c264

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

aff5052dcaceac8cc0d97983c19091be8f1d2fa3b2ea4f649adf0c16855bc8b8

MD5 hash:

b32e81cfce4fb1d3a87156891c95e35c

SHA1 hash:

9a1b6b18d71016d4b7ebe5abbfaaa204d51ece86

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

e173de6e79423d659886704dcaaf5848078ced4e14e0772e4f1e7b3931bb0862

MD5 hash:

95f9e24e7dd90ee5892743c58801db9f

SHA1 hash:

f107fcd45e57e7b71193f1f1777b8377f5d3cda1

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

e621e23cf07ea962557bce0f28940a8283135de86d3fd3d520d58115a8484982

MD5 hash:

35959e37d587e649357c57c2c5797a93

SHA1 hash:

b3f2ef17f1c45e34ea84a70285a14672034a97ae

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

4266165affda48b7a0fc19e67760e2d0ff275bf5f66d463acdf89c17362c3022

MD5 hash:

6e5515bdee2907426548266c47390abc

SHA1 hash:

105000cfd2dcd2e5f5f5f9e1f5ab4eff4626473e

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

c8040666dfc672d25ad082c69e3ba73dd9f012e253a6a3dbb5f24d28ff816575

MD5 hash:

4cd8a3d2d2392735aa89b8d985b479a2

SHA1 hash:

ffde7e9becc0b6ce67829fa8cb7f3d25d44a7028

Detections:

win_oski_g0

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

Parent samples :

8303c9a626d7edb090bdd8f0d128fc887b7fa36b0dfc43a7f71dcb5b34b1bbab
ecc23ade7514bff1e172b9a02c27572a66e0d16bb68b4927198dc091abf1c982
f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be
022fc71a6661ab3d6efc0f7d3e560a05cceb22b31081e7cb5d882b01921d5e38
4468428f16aeb36c8c1a53f40c68806473201d37d94b6ac8f1c0d324d1e17006
96b3a6f88bebb213230bd38f95804466296c238e0774861ceec6ad4424dcfb45
3542020f73e24ff693b50a375bbd366e6b6ca4cd4fd93bd15403e4cc70d91756
9cf8a802217928175088777f3f886dde3cba71c0a5c427ed169e24581e1c7a9b
e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de
8896b158ac271c269cfea637cd9402db48676eeef02b9d694d5c9f0eaeb3dbb0
1f2a3d598734fe566de2054f3c73fd2245fc6023f0740bdbae88a076f508ebd2
18f74890fef60f1e18d5b1d0b43f100c69b430445187d672bbedf46aff687d09
74bafd56c1fb3cdebf0a63de4ffb6f16dc1d5cee38e11ab0d2bc2614538da65f
07c18e8e0f92e75367df02c4114947b038e86fcbc7c8e5a77df739deb955263a
3d898349908143bef8f7652dada13c6075f84af469349be709b1d33d2ddf6672

SH256 hash:

86c92835813514910d7bf348959479bf272d020e77bfe8b60d95da1335eef870

MD5 hash:

f6534d0ad145399232a11ba2cc2ee690

SHA1 hash:

d10cdd520502d3b6882dc93930429643958e2610

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

63d0da6a76aba9cac454854867810bd06617c54f98e3ca126533ef36b7d77d2e

MD5 hash:

ac07ee9a3be688d5c09c6ab2d58dff7e

SHA1 hash:

92b9c78845799739dcd98d73deb6721f52bea4b5

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

9919b8a85d1e6ce1c51c90fd5500cac694166c40b7d9482179821e62615eca88

MD5 hash:

ff2901d02ed1b9c8e6ddaaa338211334

SHA1 hash:

5320c20688a431faae9affb4dad1430691f2eff2

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

7c27f004a0e1d68e5c0faf467870c275d7e3f754866f3209da22d403ae0d1781

MD5 hash:

3c9db2fbc74a153d6d031a59e8d9bb52

SHA1 hash:

67705b1ee1717f96ae8338d4f8d4d28161146a94

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

d2c569b7d7aa49686215a7c534c7431b51fd31898f72fd70774f2ec6f6c7939c

MD5 hash:

fd0a8aa4b75840770b3837d512c6e308

SHA1 hash:

23dc20dee595ca6623c1cdc66d1921289f6f8344

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

219bbb5c08b803c886719b83a8653d314721ac94ca619b7018a5caf6d3b4b910

MD5 hash:

53e5b504601b8973a76bd6302d69320f

SHA1 hash:

000a18e0be8d81d1e7778ddb998356bc1df182cb

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

SH256 hash:

e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de

MD5 hash:

e425990e2dfd772af2eb898b2bd04bd5

SHA1 hash:

78bbe7d94bc5f3f3f7fa61c547aba86882d0af55

Link:

https://www.unpac.me/results/b67e7e01-77c3-4e11-a039-b71617b68985/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e63f3efc1462/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/185740/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample