General
-
Target
03fa96650130466d43c4b486c615294a.exe
-
Size
1.8MB
-
Sample
240307-ncj46aba3s
-
MD5
03fa96650130466d43c4b486c615294a
-
SHA1
88650e99ae745097810f096035a3272455e0b708
-
SHA256
15bf2e47fd14a3a676452ca26d5c2551a67140ed8e8d3f1ebce9e5fcb7aa3fb4
-
SHA512
c0583e46f845e6a53a559ca4658d7203a921ff9fabb8a5cee20551e80f056d2def72c112921968435a3e30bb0dcd08bb824159f1bca1bcfa137bf3ee3263115f
-
SSDEEP
49152:gwsPtT+HW9zDL6axnzPmZ/lqTpv9Dasv3xzHM3kCJwf:gwMtSAXL68nzgITZBfxxCW
Malware Config
Targets
-
-
Target
03fa96650130466d43c4b486c615294a.exe
-
Size
1.8MB
-
MD5
03fa96650130466d43c4b486c615294a
-
SHA1
88650e99ae745097810f096035a3272455e0b708
-
SHA256
15bf2e47fd14a3a676452ca26d5c2551a67140ed8e8d3f1ebce9e5fcb7aa3fb4
-
SHA512
c0583e46f845e6a53a559ca4658d7203a921ff9fabb8a5cee20551e80f056d2def72c112921968435a3e30bb0dcd08bb824159f1bca1bcfa137bf3ee3263115f
-
SSDEEP
49152:gwsPtT+HW9zDL6axnzPmZ/lqTpv9Dasv3xzHM3kCJwf:gwMtSAXL68nzgITZBfxxCW
Score10/10-
Detect Poverty Stealer Payload
-
Poverty Stealer
Poverty Stealer is a crypto and infostealer written in C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
-
-
Target
$TEMP/Compound
-
Size
161KB
-
MD5
da2be5607513a22a9d61d9538f5f0636
-
SHA1
e77975bb6f507b4089409a06ab2226a6d54bfefd
-
SHA256
640dd32f2764bdb5c0578093a02e828ff53e18d397512a1992bba583d1d2e648
-
SHA512
1f432b70928e2b41fe74427e086bca411c88710adba700c32bc6089d02684edd04859503269b95bfa64be7439ebbfd41d928d9a464717517db18e68bc3eb63f4
-
SSDEEP
3072:vsVEU0SgcAApfFSvfWLhOa2rdf1wFX8ZpU80KS/n0zmo:mHggFOrrdNWsZK8X0n0So
Score1/10 -