MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7cd954387c8bb7d14853752c5a02477efc296ae06481ed4367e4e322907e428. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DiamondFox


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7cd954387c8bb7d14853752c5a02477efc296ae06481ed4367e4e322907e428
SHA3-384 hash: 07c0db90069c929652f6b73f0f86cfac8553f6185399661cc0a389ffeb078eddb4c0b2688bcae0dde41fe76b398c48cc
SHA1 hash: 7bd8148cf93b6d5cb996fdddc0548f0c2a8ad63a
MD5 hash: fd9c048a24d2896e2a3dc2cbd921a8fc
humanhash: ink-seven-monkey-summer
File name:arty.exe
Download: download sample
Signature DiamondFox
Create hunting rule
File size:251'904 bytes
First seen:2020-04-16 14:56:37 UTC
Last seen:2020-04-16 15:57:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 86ab2e0554744142f733772e262c3949 (2 x DiamondFox)
ssdeep 3072:4UrLmQJdehYgoEvlMR70lkoWMS92IWwJgVAlWyL4BhRe:4Y9zw1oEvWR70l/K2nOgelFL4BhR
Threatray 264 similar samples on MalwareBazaar
TLSH 1934AE2135D0C032F69316748EF5DAA24B2AB8614B2551DFEBDA1B3E2FA47D186F0347
Reporter jarumlus
Tags:DiamondFox

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Spyeye-7678977-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 15:35:36 UTC
File Type:
PE (Exe)
Extracted files:
22
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=67gzkq4hzc5x2fefg5jmlibeo7x4ffvoazeb5vbwpzhdekih4qua._file
Verdict:
malicious
Similar samples:
0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb
DiamondFox
2e13c882d28c2236893a0a543e67c74a4f2e560d98c98b800f95c07938156a37
DiamondFox
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
DiamondFox
5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49
DiamondFox
64e83c8f0cee695c66674a7b244713bf0ad390a77b079d35294f3ac989b937f0
DiamondFox
6d0ea7f49d0cfc2e0ee87a860e99381955f73e0b70a294281c213bb9d3e91822
DiamondFox
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
DiamondFox
c9b99232e093a959beaecf8d48616b40716fa2b9b6eaf25fed234dfe28e8f2fe
DiamondFox
e1e2aa5d444fe7edc7021040a8a0a9c2d0cc2a2cc1c9bd92c40af2d2cd3a3324
DiamondFox
f568bf60419b138108940953ad0786358b89607db140c3a109f335a12f4c1b72
DiamondFox
+ 254 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DiamondFox

Executable exe f7cd954387c8bb7d14853752c5a02477efc296ae06481ed4367e4e322907e428

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/341407/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW

Comments