General
-
Target
06bef5b61ad007fb027300ed10a02ff9884a082570cde9434829093cfd3b4907
-
Size
3.6MB
-
Sample
250226-yda8razyd1
-
MD5
deb1a85e75c8f9e45da43bb6acdaba0f
-
SHA1
c8ed700525263859e3c249a619e5043746c3c1ca
-
SHA256
06bef5b61ad007fb027300ed10a02ff9884a082570cde9434829093cfd3b4907
-
SHA512
08b983b15563cb5bdad328fb1dc9d98bd4c67f8ad20001f41609f317dbc76b1bef0b00bfec0f5eaaa3b7da57465fa15d96a15ae5f07c962d637ce2953c15b2ab
-
SSDEEP
49152:Gj7p0URkU0wQxMYC7H0b4m5wV61FqaJm41+kpfLDE4D5TVa0IV71YtF1:Gh9H0W610a3pfsYGVp
Malware Config
Extracted
svcstealer
176.113.115.149
185.81.68.156
Extracted
svcstealer
3.0
185.81.68.156
176.113.115.149
-
url_paths
/svcstealer/get.php
Targets
-
-
Target
06bef5b61ad007fb027300ed10a02ff9884a082570cde9434829093cfd3b4907
-
Size
3.6MB
-
MD5
deb1a85e75c8f9e45da43bb6acdaba0f
-
SHA1
c8ed700525263859e3c249a619e5043746c3c1ca
-
SHA256
06bef5b61ad007fb027300ed10a02ff9884a082570cde9434829093cfd3b4907
-
SHA512
08b983b15563cb5bdad328fb1dc9d98bd4c67f8ad20001f41609f317dbc76b1bef0b00bfec0f5eaaa3b7da57465fa15d96a15ae5f07c962d637ce2953c15b2ab
-
SSDEEP
49152:Gj7p0URkU0wQxMYC7H0b4m5wV61FqaJm41+kpfLDE4D5TVa0IV71YtF1:Gh9H0W610a3pfsYGVp
Score10/10-
Detects SvcStealer Payload
SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
-
SvcStealer, Diamotrix
SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
-
Svcstealer family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2