General

  • Target

    IPTV Checker v0.3.exe

  • Size

    8.0MB

  • Sample

    250604-rv9pbagp7t

  • MD5

    79d0adbfb3700bb117d71621105b8df0

  • SHA1

    37238133a1408bc9f461f53bc4d2b0a95368c4fe

  • SHA256

    cc173ea5d9d65f486c1629bb9208308420f3b813c2fcd6ac80ba3c8bc9f2eef3

  • SHA512

    afd9f7ea2b0f99345294e5f0a5efcc5bd784bedf6c21794a96a8882dd1a40189a9c9eb5667b2023412289364efb931a7ed972e818866b8810b9ea3e0bec96d9b

  • SSDEEP

    196608:azSibqEKUCLnIu3B4dWvyHzQZsugt2JFRZlML:kjqNIBdmyH/ugt2tML

Malware Config

Targets

    • Detects SvcStealer Payload

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • SvcStealer, Diamotrix

      SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    • Svcstealer family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16