povertystealer | 9346689e8eda0f44f2d5a66b81398e8358906c879a568038756e01d1d99c1c33 | Triage

Sharing

General

Target

2025-03-31_78f026bbf3872e33c80f58b2aeb5b376_black-basta_cobalt-strike_satacom
Size

356KB
Sample

250331-tyttdawmv6
MD5

78f026bbf3872e33c80f58b2aeb5b376
SHA1

1650fd7bd7eecb5ca03bb4bca78ffb49e860eb5d
SHA256

9346689e8eda0f44f2d5a66b81398e8358906c879a568038756e01d1d99c1c33
SHA512

890c0302f21869b488cc39518855a37214b5649729c9b880e114944b8bf0c2dbac7889928ab3c493d6d04428032328f9090ef42274d1f5918abf7779a78b9202
SSDEEP

6144:Mrgjoi8Suh6lw+JA+ZsP3Z8sJuZWLFUosnPs++:Mi8bh6Ch+ZsPpzuZWeosn

Score

10^/10

povertystealer discovery execution spyware stealer

Malware Config

Targets

- Target
  
  2025-03-31_78f026bbf3872e33c80f58b2aeb5b376_black-basta_cobalt-strike_satacom
- Size
  
  356KB
- MD5
  
  78f026bbf3872e33c80f58b2aeb5b376
- SHA1
  
  1650fd7bd7eecb5ca03bb4bca78ffb49e860eb5d
- SHA256
  
  9346689e8eda0f44f2d5a66b81398e8358906c879a568038756e01d1d99c1c33
- SHA512
  
  890c0302f21869b488cc39518855a37214b5649729c9b880e114944b8bf0c2dbac7889928ab3c493d6d04428032328f9090ef42274d1f5918abf7779a78b9202
- SSDEEP
  
  6144:Mrgjoi8Suh6lw+JA+ZsP3Z8sJuZWLFUosnPs++:Mi8bh6Ch+ZsPpzuZWeosn
Score

10^/10

povertystealer discovery execution spyware stealer
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- Povertystealer family
  povertystealer
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

povertystealerdiscoveryexecutionspywarestealer