svcstealer | 5d810742b237cff382603e72f539db2e9da10200392cdae2814c69570b87e10d | Triage

Submit
Reports

Overview

overview

Static

static

2025-03-31...om.exe

windows7-x64

1

2025-03-31...om.exe

windows10-2004-x64

Sharing

General

Target

2025-03-31_0c346b920e9e8cb2aec79f266136a2c6_black-basta_cobalt-strike_rhadamanthys_satacom
Size

8.2MB
Sample

250331-b6qskstkx8
MD5

0c346b920e9e8cb2aec79f266136a2c6
SHA1

d6d1647b92a99cb2ba4825ff9de3bc9565d2ad2a
SHA256

5d810742b237cff382603e72f539db2e9da10200392cdae2814c69570b87e10d
SHA512

58db68f5fd6662cd680d2c78110cc360500366b1f34416d5673e766337b3306356ecd0bd9e519632b09ad5f4269d6c859aa39c19bf2be87f6e568a6705c0c51a
SSDEEP

196608:AbGj0roFYs/IU8M9onJ5hrZER7QEzv5NFohQ9pavG3S:pjWwI3M9c5hlER8ENPoQ9peG3S

Score

10^/10

svcstealer discovery downloader persistence pyinstaller stealer

Static task

static1

pyinstaller svcstealer

4 signatures

Behavioral task

behavioral1

Sample

2025-03-31_0c346b920e9e8cb2aec79f266136a2c6_black-basta_cobalt-strike_rhadamanthys_satacom.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-31_0c346b920e9e8cb2aec79f266136a2c6_black-basta_cobalt-strike_rhadamanthys_satacom.exe

Resource

win10v2004-20250314-en

svcstealer discovery downloader persistence pyinstaller stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

svcstealer

C2

176.113.115.149

185.81.68.156

Targets

- Target
  
  2025-03-31_0c346b920e9e8cb2aec79f266136a2c6_black-basta_cobalt-strike_rhadamanthys_satacom
- Size
  
  8.2MB
- MD5
  
  0c346b920e9e8cb2aec79f266136a2c6
- SHA1
  
  d6d1647b92a99cb2ba4825ff9de3bc9565d2ad2a
- SHA256
  
  5d810742b237cff382603e72f539db2e9da10200392cdae2814c69570b87e10d
- SHA512
  
  58db68f5fd6662cd680d2c78110cc360500366b1f34416d5673e766337b3306356ecd0bd9e519632b09ad5f4269d6c859aa39c19bf2be87f6e568a6705c0c51a
- SSDEEP
  
  196608:AbGj0roFYs/IU8M9onJ5hrZER7QEzv5NFohQ9pavG3S:pjWwI3M9c5hlER8ENPoQ9peG3S
Score

10^/10

svcstealer discovery downloader persistence pyinstaller stealer
- Detects SvcStealer Payload
  SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- SvcStealer, Diamotrix
  SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
  stealer downloader svcstealer
- Svcstealer family
  svcstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallersvcstealer

behavioral1

behavioral2

svcstealerdiscoverydownloaderpersistencepyinstallerstealer

© 2018-2025

Terms | Privacy