General

  • Target

    2025-06-04_e5afb502831b0bb5feb26401459590f3_amadey_cobalt-strike_darkgate_magniber_satacom_smoke-loader

  • Size

    7.1MB

  • Sample

    250604-p2yjhsxyhy

  • MD5

    e5afb502831b0bb5feb26401459590f3

  • SHA1

    4f4cf12b1206ecd262c67f04128080b64ccee776

  • SHA256

    b68c314d7c9d5100f46040b07b3d255b347e0a2b25c1446faaaf905f34aea484

  • SHA512

    b443f3ec917d8b4f133b53172fc8161d3b45788a9bf0b2953b88eb4573346145bc4cb9052daa48a724f76290ee26f4fb2e0739ea3c7705bcfa9b4fee90dbc807

  • SSDEEP

    98304:ncAxHXSZA2/igxEnFB4pnE4+8yyClK3IPs7fJRi:coSZA2/9+GNClK4Ps7f

Malware Config

Targets

    • Detects SvcStealer Payload

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • SvcStealer, Diamotrix

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • Svcstealer family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to execute the payload.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks