svcstealer | 2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4

Sharing

Copy URL

Twitter E-mail

General

Target

2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4
Size

271KB
MD5

b44b3d9ccfae48f868ee02ea90b10410
SHA1

a2dfb716051e8dd0e9e5de3b9e3cd57fba26f39b
SHA256

2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4
SHA512

61261dbd7f0668e29162b3313c85171acb50070b419be3f0806f7d8f1c9935e1ea94cb4777c2a261b10b98d80d717b47586fa2a6f432b320a39f007a4496391b
SSDEEP

6144:359gMgmoFw5553f2R6QoKBTad4cuDQR4Uxrt1VJ:3rgMgm+w7diouERj

Score

10^/10

svcstealer

Malware Config

Extracted

Family

svcstealer

176.113.115.149

185.81.68.156

Signatures

Detects SvcStealer Payload 1 IoCs

SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

resource	yara_rule
sample	family_svcstealer

Svcstealer family
svcstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4

Files

2c61dde5725a101730875651c73edeafab4ffb4b1992413946f22df16387b3a4
.dll windows:6 windows x64 arch:x64

2476530fba9aa57cb7ee0690088f81db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetLastError
HeapAlloc
GetProcessHeap
Sleep
TerminateProcess
CreateThread
ResumeThread
GetThreadContext
SetThreadContext
lstrcatA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
GetCurrentProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
HeapCreate
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
FlushInstructionCache
VirtualProtect
GetModuleHandleW
Thread32First
Thread32Next
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
SetFileAttributesA
GetWindowsDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalLock
GlobalUnlock
Module32First
Module32Next
FlushFileBuffers
WriteConsoleW
SetStdHandle
WriteFile
CreateFileW
HeapDestroy
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
CompareStringEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
InitOnceExecuteOnce
GetFileType
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
GetStringTypeW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStartupInfoW

user32

wsprintfA

shell32

SHGetFolderPathA

ntdll

RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
RtlPcToFileHeader

wininet

InternetCloseHandle
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestA
InternetReadFile

Exports

Exports

?ReflectiveLoader@@YA_KXZ

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2476530fba9aa57cb7ee0690088f81db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ntdll

wininet

Exports

Exports

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 56KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 56KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB