povertystealer | 6778fbe1bcd9e40dbb6d7459844eb7cf23143ac52630f3bfe12875d41711a7df | Triage

Submit
Reports

Overview

overview

Static

static

3

C4PRSetup.exe

windows10-1703-x64

Sharing

General

Target

C4PRSetup.exe
Size

354KB
Sample

230919-xxcegsdf57
MD5

0a62c241828711c850366f7862af93a8
SHA1

cb2e6b819bc056a7a15d383f8459d1682885e8f0
SHA256

6778fbe1bcd9e40dbb6d7459844eb7cf23143ac52630f3bfe12875d41711a7df
SHA512

36e1c9aa4b60f03dd914204c50bb70052941a213ff3d8525ba42d688c122a17489e13a5da4292c28629de318f120a015b3404522b9878fe60ae361cf5240bc7a
SSDEEP

6144:IhAQlNW5SCKJ7Z0zHcJ6Wgh15rGdARtGcTnCPVJdzBmPKfK9:+AINrJ7aHxWgH5RlnCPVJFAY

Score

10^/10

povertystealer evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

C4PRSetup.exe

Resource

win10-20230915-en

povertystealer evasion spyware stealer

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  C4PRSetup.exe
- Size
  
  354KB
- MD5
  
  0a62c241828711c850366f7862af93a8
- SHA1
  
  cb2e6b819bc056a7a15d383f8459d1682885e8f0
- SHA256
  
  6778fbe1bcd9e40dbb6d7459844eb7cf23143ac52630f3bfe12875d41711a7df
- SHA512
  
  36e1c9aa4b60f03dd914204c50bb70052941a213ff3d8525ba42d688c122a17489e13a5da4292c28629de318f120a015b3404522b9878fe60ae361cf5240bc7a
- SSDEEP
  
  6144:IhAQlNW5SCKJ7Z0zHcJ6Wgh15rGdARtGcTnCPVJdzBmPKfK9:+AINrJ7aHxWgH5RlnCPVJFAY
Score

10^/10

povertystealer evasion spyware stealer
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

povertystealerevasionspywarestealer

© 2018-2025

Terms | Privacy