povertystealer | 6334dab628b668f009c5612f1971b394095e775a9bb43769471a134057053ae3[.]exe | Triage

Sharing

General

Target

6334dab628b668f009c5612f1971b394095e775a9bb43769471a134057053ae3.exe
Size

29KB
MD5

f8ef160aa726fe181eb8b0a83b796985
SHA1

5b9ca4e5d3ccf6fd436e1a5476dbb1afbc13d215
SHA256

6334dab628b668f009c5612f1971b394095e775a9bb43769471a134057053ae3
SHA512

d14d6ed032c2eb870c5c2e598412f58c40a761221f4718e72d0c8eec1061ddafd54519a5d2900ee98636338f2e91d67c26ecf9503af5286103fc3c6161565dcc
SSDEEP

384:m3NudP6s4SEms0F10yEVlOtxtx9gN8cJkgQXkxbcTurVbgOROp/adpZpTJHabHkb:m8UtP704OJnVkxbcyrVsOO/iBXJ

Score

10^/10

povertystealer

Malware Config

Signatures

Detect Poverty Stealer Payload 1 IoCs

Processes:

resource	yara_rule
sample	family_povertystealer

Povertystealer family
povertystealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6334dab628b668f009c5612f1971b394095e775a9bb43769471a134057053ae3.exe

Files

6334dab628b668f009c5612f1971b394095e775a9bb43769471a134057053ae3.exe
.exe windows:5 windows x86 arch:x86

8995d522de22f9685bfb9ecf82fc5160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
CreateMutexA
Sleep
GetLastError
CloseHandle
GetSystemInfo
CreateThread
DeleteCriticalSection
ExitProcess
HeapFree
MultiByteToWideChar
GetModuleFileNameW
IsDBCSLeadByte
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetCurrentProcess
VirtualAlloc
GetFileAttributesW
DuplicateHandle
GetModuleHandleA
OpenProcess
LoadLibraryA
GetProcAddress
IsWow64Process
LeaveCriticalSection
HeapReAlloc
EnterCriticalSection

user32

GetDC
EnumDisplayDevicesA
GetKeyboardLayoutList
GetCursorPos
GetSystemMetrics
ReleaseDC

advapi32

GetCurrentHwProfileA

crypt32

CryptProtectData

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ