svcstealer | 7ef48d31b3c9cc5b2104a48159798474f9b79e9d336a64df9220ad93f28b14c0 | Triage

Submit
Reports

Overview

overview

Static

static

SeedChecker6.exe

windows7-x64

SeedChecker6.exe

windows10-2004-x64

Sharing

General

Target

SeedChecker6.exe
Size

22.4MB
Sample

250309-lp8beazvcy
MD5

9ab945e80efc5fad000a94a77465cc6c
SHA1

e60f7d0f3233b1c3053d51e661b94fb557eaa247
SHA256

7ef48d31b3c9cc5b2104a48159798474f9b79e9d336a64df9220ad93f28b14c0
SHA512

044ecd4736b7051af979e0f103f89ceb35105cf2be770f33a0772fdb8054d8fa2f9f5337629a6e3211657cebf8eb6fddccaadaf2d00d6bbc5ca2f71780a45a15
SSDEEP

393216:NKvFfBDdk/pSKafXTTAgOmsZTXhKbRXGBEWBVu4WRryVJGjFFqW4gwcS9:NWF5e/0KafXTENmojhcyEWToryVJ0Fo7

Score

10^/10

svcstealer downloader persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

SeedChecker6.exe

Resource

win7-20240903-en

svcstealer downloader persistence stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SeedChecker6.exe

Resource

win10v2004-20250217-en

svcstealer downloader persistence stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

svcstealer

C2

http://185.81.68.156/bin/bot64.bin

Targets

- Target
  
  SeedChecker6.exe
- Size
  
  22.4MB
- MD5
  
  9ab945e80efc5fad000a94a77465cc6c
- SHA1
  
  e60f7d0f3233b1c3053d51e661b94fb557eaa247
- SHA256
  
  7ef48d31b3c9cc5b2104a48159798474f9b79e9d336a64df9220ad93f28b14c0
- SHA512
  
  044ecd4736b7051af979e0f103f89ceb35105cf2be770f33a0772fdb8054d8fa2f9f5337629a6e3211657cebf8eb6fddccaadaf2d00d6bbc5ca2f71780a45a15
- SSDEEP
  
  393216:NKvFfBDdk/pSKafXTTAgOmsZTXhKbRXGBEWBVu4WRryVJGjFFqW4gwcS9:NWF5e/0KafXTENmojhcyEWToryVJ0Fo7
Score

10^/10

svcstealer downloader persistence stealer
- Detects SvcStealer Payload
  SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- SvcStealer, Diamotrix
  SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
  stealer downloader svcstealer
- Svcstealer family
  svcstealer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

svcstealerdownloaderpersistencestealer

behavioral2

svcstealerdownloaderpersistencestealer

© 2018-2025

Terms | Privacy