General

  • Target

    06d795336902755082d010c9a86993eb4de790d43858632b4279ddb6c17b1e1f.unknown

  • Size

    72KB

  • Sample

    240305-cfqkkaca57

  • MD5

    e09e50f4c8308806ae21242538e17e88

  • SHA1

    3d5d0f3e384ec93f87716cc49487cd7ef1e8714a

  • SHA256

    06d795336902755082d010c9a86993eb4de790d43858632b4279ddb6c17b1e1f

  • SHA512

    a5557c34562a8f2cf1ba07029f07d389788579c4333e0856da1b6b7ba09484015dbfcf8f6f43d3e21787e8ef70b82062d29ebbfaf57fc50ed6d2015b272c7259

  • SSDEEP

    768:fEnAiXp/x27ioVgCtTLalOmilXO3SuDbvq572+/unhi1zOz:Mn/p/x27ioVgCtTLbmweSuPyKti5Oz

Targets

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a cryptocurrency stealer and infostealer written in C++.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15