General

  • Target

    samp.exe

  • Size

    485KB

  • Sample

    210508-794b56l36e

  • MD5

    3086634eae7227bf02194ff41425285b

  • SHA1

    2ffa9a150bdf381d85a8329da0bf738b9d6b7070

  • SHA256

    a6d1ddce9ba33a244313f7e06fc432276d07f5757c7677b144399061ad6dd90a

  • SHA512

    c64ab726bb413c6b61e4d5592f93956594ad661761e584505a279a42b0734ffc1595ccc0b981660c83104edf75918167799d5429b5ef338c584069e1c9b85dbb

Malware Config

Targets

    • Target

      samp.exe

    • Poullight

      Poullight is an information stealer first seen in March 2020.

    • Poullight Stealer Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks