povertystealer | 2f21f30a2296a79452aa817f7cc65921efe95b9d0752c7532765dc6c0ec97ae0

General

Target

2f21f30a2296a79452aa817f7cc65921efe95b9d0752c7532765dc6c0ec97ae0
Size

18KB
MD5

4c0e1720717d8d59215f12b0fd482a9f
SHA1

737fc4166dc3ac404b8296ee3bfb045c90a0bbe9
SHA256

2f21f30a2296a79452aa817f7cc65921efe95b9d0752c7532765dc6c0ec97ae0
SHA512

dc982e0ac5a6ed856c321139c78ff6740d9dd8f66b54eedadd1e539b024b115cea83ed226e0772334e821f005662a475e4b4215572434e4f8d01aee9e565f559
SSDEEP

384:axR2VCFhiP0Lk5m0GF068mG/hTlUjNgKEph+gHbfPL+0XjsYF:I/FA0w40Gr8m0hV/h+gLjfTbF

Score

10^/10

povertystealer

Detect Poverty Stealer Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/68c536dd8bcc4da2ef451c9bdb1a4cd6963b11b43ed58db462b5c2704e78f609.exe	family_povertystealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/68c536dd8bcc4da2ef451c9bdb1a4cd6963b11b43ed58db462b5c2704e78f609.exe

2f21f30a2296a79452aa817f7cc65921efe95b9d0752c7532765dc6c0ec97ae0
.zip

Password: infected
68c536dd8bcc4da2ef451c9bdb1a4cd6963b11b43ed58db462b5c2704e78f609.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ