General

Target: USDT Token Flasher v1.2.zip
Size: 5.8MB
Sample: 250406-fa8eza11gx
MD5: 8adbcd39b6b49c2b5909500d75edf34c
SHA1: 4bf0cb3e55646aca0131bbc231ab48945e8e8fdd
SHA256: e9351ddc6fed8b30ea643f8a1c689138290f4ad73948a684f1735a4f85c6c668
SHA512: a7b48b61134a887476f65e8ce4098521ae32af3be772207309eb9abd3fefd0f508792c248ab45d394ebf076de74860651ed12932e18fad89f56b9b9f001a39fd
SSDEEP: 98304:1Vk1qNvqlY+AJSqdGmwfRTYLEFR/31xoT2uDImOsQPkrHLncYDafBg:Lk1qNq5AJuRT8qJ3kNDQM7D3GfBg
Static task: static1

Behavioral task: behavioral1
Sample: USDT Token Flasher v1.2.zip
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral2
Sample: USDT Flasher.exe
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral3
Sample: bin/app.exe
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral4
Sample: lang/Japanese.ps1
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral5
Sample: lang/lang.exe
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral6
Sample: tls/qschannelbackend.dll
Resource: win10ltsc2021-20250314-en
Malware Config

Targets

Target: USDT Token Flasher v1.2.zip
Size: 5.8MB
MD5: 8adbcd39b6b49c2b5909500d75edf34c
SHA1: 4bf0cb3e55646aca0131bbc231ab48945e8e8fdd
SHA256: e9351ddc6fed8b30ea643f8a1c689138290f4ad73948a684f1735a4f85c6c668
SHA512: a7b48b61134a887476f65e8ce4098521ae32af3be772207309eb9abd3fefd0f508792c248ab45d394ebf076de74860651ed12932e18fad89f56b9b9f001a39fd
SSDEEP: 98304:1Vk1qNvqlY+AJSqdGmwfRTYLEFR/31xoT2uDImOsQPkrHLncYDafBg:Lk1qNq5AJuRT8qJ3kNDQM7D3GfBg
Score: 4/10
Target: USDT Flasher.exe
Size: 360KB
MD5: 114d06d61ef7e48db10937be060a6dab
SHA1: 76ab812ba791639069b7b102db780c1a99e397a2
SHA256: 9542a0999fef704961e3095ab05d1bde47b062674ca999ab69864a58d8d02883
SHA512: 357700eebab2caf87a45da85f0b34a0141604254a14fc23ed16203ec9cdfd49700c88bdacfe6060a8231d1e0d7dfd1fee66b9f8aca8d1652f2ffa260cbff20ab
SSDEEP: 3072:dWTIRnSS15FzgY3PGYnNBXBxJ2ftvNMDfs6STuvw/T5ddmwOPj4r+m9n7:dWknt15FUY3PHNN8tHJN/FIjzW

- Detects SvcStealer Payload: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- Disables service(s)
- Modifies visibility of file extensions in Explorer
- SvcStealer, Diamotrix: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- Svcstealer family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
Target: bin/app.exe
Size: 2.5MB
MD5: 7f57207f221db2b08e27d64bc9121b28
SHA1: 3bfc4b12a533ee1ce62e5d348027d4ac90ab49db
SHA256: 03a234060541b686ac4265754aff43df9325c21383f90e17f831e67965d717f8
SHA512: 7cc44ff1c3210db2478f4e37fef23669f0425b1b1672fc5f53956890daccb84b32fa25c8da9f7ce0cd1deb9e697e46cdae0762a0af818f98b93544b8e39f8a25
SSDEEP: 24576:zv5MZtiOMKNOJMv9EC8oJ8VxHuDBjk38WuBcAbwoA/BkjSHXP36RMG:zxMZtiOMK9EC8oa6CSA/Bkj0
Score: 1/10
Target: lang/Japanese.ini
Size: 117KB
MD5: a4f8eefd8e5bb80282d3f151be2d1be1
SHA1: 27257ce055dfa8d21c96ff4fce879fb3f1f2cf3c
SHA256: 3de708d87fc9df3ef0548ef6987f26320c5cccaab3c4cf98db50ec1926950174
SHA512: d9f560654d427a8cb231a4fc514421db4874d0394377dbecc385d2d0b1c742f31384e3d3972ed6e57f84cd32ef1c98d93ca9146901289cdd97108411fac889d9
SSDEEP: 1536:+7IRhbQC2XQOeyWDNm60K697FxTgd5Jn9Av416Lb8rq/hiqtdD+tnAo7YiAhf254:9jjm7q5Jn9Av4Gb8rohiTLAd25Ze
Score: 3/10
Target: lang/lang.exe
Size: 762.9MB
MD5: 0937bd480f16b2dfc6f939d4bf26016d
SHA1: 12fe85a77737afa5a75fb16d7047e997ca183ae0
SHA256: 05e041cacd46f389e456c633ee9ad897300aa025edd3cf0b795240c9f8e9e12b
SHA512: 48cd1b35d8f01589cb57a15ed4d69dbeedc2623e0383adb0044d2f588ea0f54dc683997a7af45666cf6f51e3a1ab55005ea4ca2f4b7401bff825a3b562371ce5
SSDEEP: 49152:V6qWnJqevKBuMMW/sMPd7SgpBjIQZVwaLliXN/FHoUg/9z1vWRJLo:ApPY/OKxB5bYrHoUi1vW3o

- Detects SvcStealer Payload: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- SvcStealer, Diamotrix: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
- Svcstealer family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: tls/qschannelbackend.dll
Size: 212KB
MD5: 1d553367047781e4cb8375e0d69f92f9
SHA1: d47e17e30f031484874058e3c012ee6483dcce4a
SHA256: 943b8a803d0521bb0f38c70e22bfb2a7ad89ba84de2724e670563808f89d4fcb
SHA512: 895d21ee6aaa9fa029c4ba459495bfe58709ff80f33d6218f563aecfea2acf3d2e36f86dfad3aec4cbc1747502f747829ae918960cb9b1434d748364c825d41f
SSDEEP: 3072:9JU8QId9ZfEGn4BYBYR3MLZP5IBvzhwsOU1DTjx8K4l8U0AZFYMO8/Y3QBxXMwKy:9dTZ9CR3CZPkhYeKd3YQBxI+Ei
Score: 1/10
MITRE ATT&CK Enterprise v15

Execution
- Command and Scripting Interpreter (2)
  - PowerShell (2)
- System Services (1)
  - Service Execution (1)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (2)