Overview

overview

10

Static

static

3

Setup_Load...xa.dll

windows7-x64

3

Setup_Load...xa.dll

windows10-2004-x64

3

Setup_Load...ne.dll

windows7-x64

1

Setup_Load...ne.dll

windows10-2004-x64

1

Setup_Load...cq.dll

windows7-x64

1

Setup_Load...cq.dll

windows10-2004-x64

1

Setup_Load...se.dll

windows7-x64

3

Setup_Load...se.dll

windows10-2004-x64

3

Setup_Load...er.dll

windows7-x64

1

Setup_Load...er.dll

windows10-2004-x64

1

Setup_Load....1.exe

windows7-x64

10

Setup_Load....1.exe

windows10-2004-x64

10

Setup_Load...GL.dll

windows7-x64

1

Setup_Load...GL.dll

windows10-2004-x64

1

Setup_Load...v2.dll

windows7-x64

1

Setup_Load...v2.dll

windows10-2004-x64

3

Setup_Load...re.dll

windows7-x64

1

Setup_Load...re.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2023, 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Loader v2.1/Setup_Loader v2.1.exe

  • Size

    14.6MB

  • MD5

    d6f7e3d35d83cdb0023f2dd7e45b081f

  • SHA1

    e892506c5af85088ca8b35dd645fe19299a5d4cf

  • SHA256

    593da8058de6240831bec473089fc79462c74af2c99701ebc6a5da8ba1635dd3

  • SHA512

    a891ca90b44a2133b4268bdfc47a1bc4a7bb2a99bf080151818a6d49274eba192c90ed26ef9f9660a2824ce57a3ba3a52314a5ceddc3a3c18bf95dcd66c160e6

  • SSDEEP

    196608:FeuVE9sVAPRkLJkTtOI7zkMDkRS9GvSCL:auVxLJkTtOI7zkMDkRS98

Score
10/10
povertystealerstealer

Malware Config

Signatures

  • Detect Poverty Stealer Payload 4 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

    stealerpovertystealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\Setup_Loader v2.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\Setup_Loader v2.1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe"
      2⤵
        PID:2640

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2640-0-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2640-1-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2640-2-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2640-3-0x0000000000090000-0x0000000000091000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2640-4-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2640-9-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2640-10-0x0000000000090000-0x0000000000091000-memory.dmp

      Filesize

      4KB

      Download