povertystealer | 4ae0155fe8c944ccbde62c60a52df1f2a4c56a794076d4dd679c30001a083027

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
13-12-2023 04:10

Target

RElectron/Method 2/loader.exe
Size

207KB
MD5

f2050174398836cfb7893fbf6f175ea0
SHA1

cecc845f830643b597edb33a114fc24ceff83448
SHA256

d492ed6acb7ea997d74cd8628f7ea68258e299f47d9e81f331055da08617bb29
SHA512

ad3f57b51a4b378e8685e5150cb3ff1b26d004131c788e4f914059daabaf87c0076d47c54a00fc06ba87c6766bfa35f06ca2f86e4c711e0f89d427850a04835b
SSDEEP

3072:pAPT9JyoBZMl7Urfm9pMySretPr67ybnThJhOzQHOAg0Fuj/8svRihLIBblB7UxV:povBOMOMySrQbnTh0AOLvZmIBRB7UxV

Score

10^/10

Detect Poverty Stealer Payload 5 IoCs

resource	yara_rule
behavioral3/memory/1684-3-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral3/memory/1684-4-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral3/memory/1684-6-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral3/memory/1684-8-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral3/memory/1684-10-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer

Poverty Stealer
Poverty Stealer is a crypto and infostealer written in C++.
stealer povertystealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1680 set thread context of 1684	1680	loader.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2756	1684	WerFault.exe	28

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1680 wrote to memory of 1684	1680	loader.exe	28
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29
PID 1684 wrote to memory of 2756	1684	AppLaunch.exe	29

memory/1684-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-4-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-5-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1684-6-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-8-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download