General

  • Target

    photoshop.lnk

  • Size

    1KB

  • Sample

    240304-wa5l3she88

  • MD5

    53388b72e46cbc4a0110d3b6d0c0f930

  • SHA1

    46881d02e2249c29ff212eb0bf15ce07828ae519

  • SHA256

    05ef3c21d0ec7a856038e43c38032104948a535078649721b790548bf3260e28

  • SHA512

    00646615c24cf58f28dfbd6a373f981f85738ec35ca91ef4816198fbc80573ce249083c7df60fdd0a63b42fa1e8011901555be8f5b8181490f2d767a085dc885

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://91.92.251.35/Downloads/Ten/photoshop

Targets

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a cryptocurrency and information stealer written in C++.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
