General
-
Target
https://mega.nz/file/QhZ1QKrB#dmTpOSgCLHs_sP5OnUGWYDwPB-zfB95QKyeonpfbJKE
-
Sample
210728-ffpqfgdhxe
Score
10/10
Malware Config
Targets
-
-
Target
https://mega.nz/file/QhZ1QKrB#dmTpOSgCLHs_sP5OnUGWYDwPB-zfB95QKyeonpfbJKE
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-