povertystealer | 21a64db7f98a87012c4f9fee2b5fc8ca[.]bin | Triage

Sharing

General

Target

21a64db7f98a87012c4f9fee2b5fc8ca.bin
Size

10.3MB
MD5

cdb615acddf38948ddfcaaac87c00f6f
SHA1

e304dc7265559146a7412294d830c3e73c73cde5
SHA256

201e4d1aae2a3904bd11f71a86a6aad10938ab129f494ef3064150c8ce0fbd10
SHA512

00b3af792eeffa1262f86e9c1605a361f775f2fd90674f59d1850a93cc19ed74330dc8ded10a52ed5e355256beba6eb48091b4a8fad9bc6d241de09438b04c72
SSDEEP

196608:mL87RiSX4SPv/LCow0WjTURBVNbQ/st5SgGtcHG/v/Q:m47RiyHzCoweBMsjS5Cm/v/Q

Score

10^/10

povertystealer

Malware Config

Signatures

Detect Poverty Stealer Payload 1 IoCs

resource	yara_rule
static1/unpack001/c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe	family_povertystealer

Povertystealer family
povertystealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe

Files

21a64db7f98a87012c4f9fee2b5fc8ca.bin
.zip

Password: infected
c12475a1aea267812b2bfd6ddf8f134d774c35b565fac0ca2161295df86a3d24.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYS_x64
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SYS_x64
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp³¤
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp³¤
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp³¤
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ