povertystealer | c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24[.]exe | Triage

Sharing

General

Target

c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe
Size

11.0MB
MD5

21a64db7f98a87012c4f9fee2b5fc8ca
SHA1

66cb016380591a806cf9522ee85b9e1f6bc4cde2
SHA256

c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24
SHA512

fb28755b6a4008e9899bc36d001875bd185b37d4ae73cedee8e89c9c2ebe99eec7f82ea3c8b19bf2bbc0ddb3d61e41beb66aa514b815029f68edfaa404001d23
SSDEEP

196608:fGghs6a/Ywc0qNjmO/p0cEvEc273k1kKXjxLwRn0hYrUuy4TEKg7TnE7Bb4O:uXORjvhsvEcnpT6t0hYguy4AKKI7Bbj

Score

10^/10

povertystealer

Malware Config

Signatures

Detect Poverty Stealer Payload 1 IoCs

resource	yara_rule
sample	family_povertystealer

Povertystealer family
povertystealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe

Files

c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYS_x64
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SYS_x64
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp³¤
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp³¤
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp³¤
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ