General
-
Target
2025-06-04_91e9d8beed1cd93b5d4845bbbcda70df_cobalt-strike_darkgate_magniber_satacom
-
Size
8.3MB
-
Sample
250604-e7e91sdq8t
-
MD5
91e9d8beed1cd93b5d4845bbbcda70df
-
SHA1
66c862a89d5200539f9a2ddebd33856a28eb69a4
-
SHA256
e6fca8fa354716d1456f72f44115c7a8feafd6cd3f300c1bc717f10cb5c54ba1
-
SHA512
35bcb5502591259dec9c2aea1dbd8868dea015808d5e206b43a090114acfd94b176d934795fe041256c69caa1aa2e2b9def18efb844c4bd113625ad1a9dfb679
-
SSDEEP
98304:BkxHXSjOJYRyQAAjyCKIZHDlh0o+aMYQWJfpT29g4HEzRkSZC8ZxLeDb:BMSkQA/ITedWP29g4HWR/ZC8ZxL
Behavioral task
behavioral1
Sample
2025-06-04_91e9d8beed1cd93b5d4845bbbcda70df_cobalt-strike_darkgate_magniber_satacom.exe
Resource
win10v2004-20250502-en
Targets
-
Detects SvcStealer Payload
SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
-
SvcStealer, Diamotrix
-
Svcstealer family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)