General
-
Target
c150b55e27fbf69be95207029c30c00576b11dfba3fecb74094659fb2c24f7dd
-
Size
3.7MB
-
Sample
210511-16gglaw35x
-
MD5
1b39000de7307538e113323053d118f7
-
SHA1
40bb1733dd3ad35521fee0675698370dfa1aae6e
-
SHA256
c150b55e27fbf69be95207029c30c00576b11dfba3fecb74094659fb2c24f7dd
-
SHA512
76a66c908a6501652ce0bd3a893e8aa2db8f73f1c80e487c56e8d67b69a452aa3e0ea6de7ba3a546dd9939bbe619abef9128b29745598c4af189b64397b51a34
Malware Config
Targets
-
-
Target
c150b55e27fbf69be95207029c30c00576b11dfba3fecb74094659fb2c24f7dd
-
Size
3.7MB
-
MD5
1b39000de7307538e113323053d118f7
-
SHA1
40bb1733dd3ad35521fee0675698370dfa1aae6e
-
SHA256
c150b55e27fbf69be95207029c30c00576b11dfba3fecb74094659fb2c24f7dd
-
SHA512
76a66c908a6501652ce0bd3a893e8aa2db8f73f1c80e487c56e8d67b69a452aa3e0ea6de7ba3a546dd9939bbe619abef9128b29745598c4af189b64397b51a34
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
Executes dropped EXE
-
Suspicious Office macro
Office document equipped with macros.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-