Analysis

max time kernel: 136s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-04-2024 00:36
Static task: static1 (1 signature)
Behavioral task: behavioral1
    Sample: loader4K.exe
    Resource: win10v2004-20240226-en
    4 signatures, 150 seconds
General

Target: loader4K.exe
Size: 51KB
MD5: 5913e519d8ccc878a4aaf57f6e4fd420
SHA1: 114dd01a7012f8fc8c3fe6496f14302246aa7df7
SHA256: 095ffcead6a3818aa0b125af5458d08d3de4841105e78515857d3a8af2e4ce2e
SHA512: 24ad2163403172e8e4e968583bcfb56627d595b488bfe6d01b2fe32a51b1a54b92b6f989d3b2a08650df3e5991c81898990a6924661b3080c9236545d81f5937
SSDEEP: 768:rwzWLW2fgoy72fE9BW818ZWMDNtPP+JqjIAlrwdBfTW0KnYDiOsRMjkFGJ:EWKWbyr9881CgA0ARwdBWYDSRMjnJ
Score: 10/10
Malware Config

(none extracted)

Signatures

Detect Poverty Stealer Payload (6 IoCs)
    resource                                                                   yara_rule
    behavioral1/memory/4592-4-0x0000000000400000-0x000000000040A000-memory.dmp   family_povertystealer
    behavioral1/memory/4568-6-0x00000000028F0000-0x00000000048F0000-memory.dmp   family_povertystealer
    behavioral1/memory/4592-10-0x0000000000400000-0x000000000040A000-memory.dmp  family_povertystealer
    behavioral1/memory/4592-11-0x0000000000400000-0x000000000040A000-memory.dmp  family_povertystealer
    behavioral1/memory/4592-13-0x0000000000400000-0x000000000040A000-memory.dmp  family_povertystealer
    behavioral1/memory/4592-12-0x0000000000400000-0x000000000040A000-memory.dmp  family_povertystealer

Poverty Stealer
    Poverty Stealer is a crypto and infostealer written in C++.

Suspicious use of SetThreadContext (1 IoC)
    description                              pid   Process       procid_target
    PID 4568 set thread context of 4592      4568  loader4K.exe  100

Suspicious use of WriteProcessMemory (9 IoCs)
    description                              pid   Process       procid_target
    PID 4568 wrote to memory of 4592         4568  loader4K.exe  100
    (the same entry is recorded 9 times)
Processes

C:\Users\Admin\AppData\Local\Temp\loader4K.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\loader4K.exe"
    PID: 4568
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        PID: 4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
    PID: 3092