General
-
Target
SecuriteInfo.com.Trojan.PWS.Siggen3.39648.28831.24523.exe
-
Size
1.7MB
-
Sample
250222-qhdknsxkhp
-
MD5
356ccfc1d038c4bf5aa960b6d18bc9c5
-
SHA1
3507e3c30b44a318d15b30650744faa1c6c1169b
-
SHA256
bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f
-
SHA512
dcf9897335f2992057e1a5ea571a2a98591caf79804a6275aa8bb4f1e9aa934aa2aa89424c5812722436d88bf70c7aea1d8a7843e9ba93d1ca41061253689ebd
-
SSDEEP
49152:0AAdKSAnSRwRAc1O94oBl/HWT3A8/pCfvh+G:0AAdKpBRAcwv/HQLonh
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PWS.Siggen3.39648.28831.24523.exe
-
Size
1.7MB
-
MD5
356ccfc1d038c4bf5aa960b6d18bc9c5
-
SHA1
3507e3c30b44a318d15b30650744faa1c6c1169b
-
SHA256
bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f
-
SHA512
dcf9897335f2992057e1a5ea571a2a98591caf79804a6275aa8bb4f1e9aa934aa2aa89424c5812722436d88bf70c7aea1d8a7843e9ba93d1ca41061253689ebd
-
SSDEEP
49152:0AAdKSAnSRwRAc1O94oBl/HWT3A8/pCfvh+G:0AAdKpBRAcwv/HQLonh
Score10/10-
Detect Poverty Stealer Payload
-
Poverty Stealer
Poverty Stealer is a crypto and infostealer written in C++.
-
Povertystealer family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1