General

  • Target

    82af0e06f33e00430d4bd6d8fd026cfce5a413d45f819263fc7db31b1e45d989.exe

  • Size

    740KB

  • Sample

    240710-mcwmhssbkn

  • MD5

    b9a2922c33a07f381ab2765ad7c09ccb

  • SHA1

    8beba7166d8a50cbbd22e9999c6f446d0759943a

  • SHA256

    82af0e06f33e00430d4bd6d8fd026cfce5a413d45f819263fc7db31b1e45d989

  • SHA512

    855c91db9fb21f90d2eefb0ee2222b99049dbdda356a1004831364960356dafacf1fffc93609fde9c3883b9fcdf9e957811e0a3676fa31f91f6e13068cd38f51

  • SSDEEP

    12288:lCV86nofv3fNIGJpIlOrIhYW6NappxuBguALkPSoakQ91YlcM4Ai5H6vDmKiY98j:lyFnoXfNIApwhYVepeALkPgkQ/rrAiRN

Malware Config

Targets

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a cryptocurrency stealer and infostealer written in C++.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks