povertystealer | a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73 | Triage

Submit
Reports

Overview

overview

Static

static

3

a2d53e8619...3N.exe

windows7-x64

a2d53e8619...3N.exe

windows10-2004-x64

Sharing

General

Target

a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73N.exe
Size

1.4MB
Sample

250124-x972xswlbm
MD5

96a4885c4e2c4d005748b531c26b61d0
SHA1

f2d5b366c11adc7632f94cd2cc7525f9b93bfea3
SHA256

a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73
SHA512

be1b5c53741b04b3d191fb32e4ddff468ac7cb735048b8bb9413fc8726b4e18c05b77395636170d47bf838c522541cea47cdefcb0a3071d67e57aa3a8248b763
SSDEEP

24576:3Mjhfa5aaH+5vgpD650+RFo6kF/5SrkGB8PGqooMWiI05bmktUNudtJjdPrF:K/nog50+Ri6kokGB9qoC1ab7SNudXjdZ

Score

10^/10

povertystealer discovery execution stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73N.exe

Resource

win7-20240903-en

povertystealer discovery execution stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73N.exe

Resource

win10v2004-20241007-en

povertystealer discovery execution stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73N.exe
- Size
  
  1.4MB
- MD5
  
  96a4885c4e2c4d005748b531c26b61d0
- SHA1
  
  f2d5b366c11adc7632f94cd2cc7525f9b93bfea3
- SHA256
  
  a2d53e86197c92c8532daac73fde6cfbe913940fc2fbfd7f76f862879d83de73
- SHA512
  
  be1b5c53741b04b3d191fb32e4ddff468ac7cb735048b8bb9413fc8726b4e18c05b77395636170d47bf838c522541cea47cdefcb0a3071d67e57aa3a8248b763
- SSDEEP
  
  24576:3Mjhfa5aaH+5vgpD650+RFo6kF/5SrkGB8PGqooMWiI05bmktUNudtJjdPrF:K/nog50+Ri6kokGB9qoC1ab7SNudXjdZ
Score

10^/10

povertystealer discovery execution stealer
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- Povertystealer family
  povertystealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

povertystealerdiscoveryexecutionstealer

behavioral2

povertystealerdiscoveryexecutionstealer

© 2018-2025

Terms | Privacy