povertystealer | 62908238f6de1e81bd0fa73bdb7a6f9a4b1f96caae7160949d35714bcd868aa0[.]exe | Triage

Sharing

General

Target

62908238f6de1e81bd0fa73bdb7a6f9a4b1f96caae7160949d35714bcd868aa0.exe
Size

50KB
MD5

01ea8bef669a207c4369a4416f90825c
SHA1

94e1f2adffc0dfdb16a1225734f8fd6c694f9c29
SHA256

62908238f6de1e81bd0fa73bdb7a6f9a4b1f96caae7160949d35714bcd868aa0
SHA512

8b444d0af298ac56b0b8b789b598620c608b1bad70bb83ec3c9f6451822c90a481bdc2811a3bea4ced239930f99dda2082da11638d6e5d400ac60037e93bedc4
SSDEEP

768:Zd5O9ZwyKCXv6KjdGRsezw5zqKqN3DYjaeWKq3GGYl3T97pyKS/U3l/KiQKFoVTl:/5O9ZwyKUvdk9mGY3x/KdKqqGl

Score

10^/10

povertystealer

Malware Config

Signatures

Detect Poverty Stealer Payload 1 IoCs

resource	yara_rule
sample	family_povertystealer

Povertystealer family
povertystealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62908238f6de1e81bd0fa73bdb7a6f9a4b1f96caae7160949d35714bcd868aa0.exe

Files

62908238f6de1e81bd0fa73bdb7a6f9a4b1f96caae7160949d35714bcd868aa0.exe
.exe windows:5 windows x86 arch:x86

cd54843d3fee4a0e6a727c5c5e30b1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetCurrentProcess
GetFileAttributesW
OpenProcess
CloseHandle
GetModuleFileNameW
Sleep
WaitForMultipleObjects
HeapAlloc
CreateMutexA
GetLastError
CreateThread
DeleteCriticalSection
VirtualAlloc
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
HeapFree
InitializeCriticalSectionAndSpinCount
DeleteFileW

user32

ReleaseDC
GetDC

gdi32

GetObjectW
GetCurrentObject
DeleteObject

crypt32

CryptProtectData

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ