Analysis

  • max time kernel
    137s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2024 09:55

General

  • Target

    loader.exe

  • Size

    3.6MB

  • MD5

    ddb1b7702e173bfefc5dfae5f52551fc

  • SHA1

    838bc885a60ec91d870599334aef030d1a2bf9cb

  • SHA256

    6bdcb5dbda59419025cf464f9600b6090c0ebc3a9e669df90d0dc08f7a13b0cb

  • SHA512

    a6dc819b8cce8da2c0226ec39edce35fd53187c4a6c2531026d3df0e8c9d7a852f416b6568d6e21db1d48de4939be300cac26e82834c8cda16fff08cbaf65c64

  • SSDEEP

    49152:lNiV4d3Hm64LGcm7yqTUswcEjoG9JZD3J3nKaUxcWAtIZL+/qELe:5xmDG/JUzqEy

Score
10/10

Malware Config

Signatures

  • Detect Poverty Stealer Payload 3 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    "C:\Users\Admin\AppData\Local\Temp\loader.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
      2⤵
        PID:1512

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1512-4-0x0000000001230000-0x000000000123A000-memory.dmp

      Filesize

      40KB

    • memory/1512-7-0x0000000001230000-0x000000000123A000-memory.dmp

      Filesize

      40KB

    • memory/1512-9-0x0000000001230000-0x000000000123A000-memory.dmp

      Filesize

      40KB

    • memory/4852-5-0x00007FF60DA30000-0x00007FF60DE28000-memory.dmp

      Filesize

      4.0MB