povertystealer | hxxps://devbuilds[.]s[.]kaspersky-labs[.]com/devbuilds/KVRT/latest/full/KVRT[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://devbuilds.s....

windows10-1703-x64

Sharing

General

Target

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
Sample

230908-1d3dcafe8y

Score

10^/10

povertystealer evasion stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

Resource

win10-20230831-en

povertystealer evasion stealer

windows10-1703-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
Score

10^/10

povertystealer evasion stealer
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

urlscan1

behavioral1

povertystealerevasionstealer

© 2018-2025

Terms | Privacy