Diamond Fox – part 2: let’s dive in the code

See also – Diamond Fox – part 1: introduction and unpacking

 

April 6, 2017 by Malwarebytes Labs

 

In a previous post we made an initial analysis of a Diamond Fox bot delivered by the Nebula Exploit Kit (more about the campaign can be found here). We described the way to unpack the protection layer in order to get the core, written in Visual Basic, that can be decompiled. In this second part of the series, we will take a deeper look into the code and analyze the bot’s features and code design.

Analyzed samples

988e9fa903cc2fbb80e7221072fb2221 – Diamond Fox Crystal (final VB payload)

3ef960da3e4bc4bc7c05d02fbf121d4e – old Diamond Fox (final VB payload)

Changelog

In the release that is sold on the black market, the authors included a changelog describing all versions up to the current one (codenamed Crystal). Below, you can see the related fragment:

 
