Overview

overview

10

Static

static

3

bb74570774...7f.exe

windows7-x64

10

bb74570774...7f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2025, 02:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f.exe

  • Size

    1.7MB

  • MD5

    356ccfc1d038c4bf5aa960b6d18bc9c5

  • SHA1

    3507e3c30b44a318d15b30650744faa1c6c1169b

  • SHA256

    bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f

  • SHA512

    dcf9897335f2992057e1a5ea571a2a98591caf79804a6275aa8bb4f1e9aa934aa2aa89424c5812722436d88bf70c7aea1d8a7843e9ba93d1ca41061253689ebd

  • SSDEEP

    49152:0AAdKSAnSRwRAc1O94oBl/HWT3A8/pCfvh+G:0AAdKpBRAcwv/HQLonh

Score
10/10
povertystealerdefense_evasiondiscoveryspywarestealer

Malware Config

Signatures

  • Detect Poverty Stealer Payload 6 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

    stealerpovertystealer
  • Povertystealer family
    povertystealer
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f.exe
    "C:\Users\Admin\AppData\Local\Temp\bb745707746aa0b3053489a691ef41fa34f4d70364e9f06d53ee052bfcb24a7f.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-0-0x00000000012E0000-0x0000000001724000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1660-1-0x0000000077680000-0x0000000077682000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1660-2-0x00000000012E1000-0x00000000012E9000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1660-3-0x00000000012E0000-0x0000000001724000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1660-4-0x00000000012E0000-0x0000000001724000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1660-5-0x00000000012E0000-0x0000000001724000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1660-7-0x00000000012E0000-0x0000000001724000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1660-8-0x00000000012E1000-0x00000000012E9000-memory.dmp

    Filesize

    32KB

    Download