General

  • Target

    2025-06-04_91e9d8beed1cd93b5d4845bbbcda70df_cobalt-strike_darkgate_magniber_satacom

  • Size

    8.3MB

  • Sample

    250604-e7e91sdq8t

  • MD5

    91e9d8beed1cd93b5d4845bbbcda70df

  • SHA1

    66c862a89d5200539f9a2ddebd33856a28eb69a4

  • SHA256

    e6fca8fa354716d1456f72f44115c7a8feafd6cd3f300c1bc717f10cb5c54ba1

  • SHA512

    35bcb5502591259dec9c2aea1dbd8868dea015808d5e206b43a090114acfd94b176d934795fe041256c69caa1aa2e2b9def18efb844c4bd113625ad1a9dfb679

  • SSDEEP

    98304:BkxHXSjOJYRyQAAjyCKIZHDlh0o+aMYQWJfpT29g4HEzRkSZC8ZxLeDb:BMSkQA/ITedWP29g4HWR/ZC8ZxL

Malware Config

Targets

    • Detects SvcStealer Payload

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • SvcStealer, Diamotrix

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • Svcstealer family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks