General

  • Target

    C4PROsetup.exe

  • Size

    1.5MB

  • Sample

    230927-prx51aag2s

  • MD5

    3eb322413d88110f64b4bb8fed638a61

  • SHA1

    3648f10a7c186853b236e279d54e4c7ed0416e5b

  • SHA256

    7934237a4456c4286ecf3698c3a4e7cfa5241a7a7bab344c74ac9ae73c54980d

  • SHA512

    3a4bf59ec85c8ec6f48ca4668f2c8a6c0d0e3925fa8b197f35a0ad07fb635f9bc7fe5f55f106319c57d899cab45364994d7daeabda92fb1a29999832db5dde47

  • SSDEEP

    24576:JmhJNqxBA6KQc7UISy95IiRgxghbc2ZFwv/Tnyy5R5IyO0WdtALZ:JyMAQKRHugvFW+y5Rajdt

Malware Config

Targets

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a crypto and infostealer written in C++.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks