General
-
Target
CODWCheats.exe
-
Size
9.4MB
-
Sample
210728-gj4qqpa47s
-
MD5
2c7c0b89e187bac9cea3c0c285591852
-
SHA1
5999c0c5086ecd7f71de61b565068d12f3291ef7
-
SHA256
33314a958e790feedb53ae8cc727e2b8c737084f5ea5d66138924ae94aa571d4
-
SHA512
56b03915330e59347a6c2b81dcb99cb988a859787563d8bf2582d7823f642d532e5fa2f93606bf0e25bc47024ff2ee2c4a4248c31e8096d8f32080dd38c4e454
Malware Config
Targets
-
-
Target
CODWCheats.exe
-
Size
9.4MB
-
MD5
2c7c0b89e187bac9cea3c0c285591852
-
SHA1
5999c0c5086ecd7f71de61b565068d12f3291ef7
-
SHA256
33314a958e790feedb53ae8cc727e2b8c737084f5ea5d66138924ae94aa571d4
-
SHA512
56b03915330e59347a6c2b81dcb99cb988a859787563d8bf2582d7823f642d532e5fa2f93606bf0e25bc47024ff2ee2c4a4248c31e8096d8f32080dd38c4e454
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-