Overview

overview

10

Static

static

eufive_202...01.exe

windows7_x64

10

eufive_202...01.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20210816-144801

  • Size

    482KB

  • Sample

    210817-gml4enyhya

  • MD5

    5ba895fb23729ffbb001e5dfe74aa132

  • SHA1

    7a2b094329f369ff5a67971c3a71c46775e93000

  • SHA256

    7fc66f244e022341520c4af91172ec3833c36b95624ee5c510086cd8d71db7ae

  • SHA512

    34ad4a38eb4983018e1c626550378ef4622be2fb02b74d1bacf9155cc835fb838a092c53b5b46e1ee45eac4ba13e723e661bb5e969480a56d2839d14d79c8cde

Score
10/10
poullightstealertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn.discordapp.com/attachments/875404916150116402/875405053467459594/Minutes.txt

Targets

    • Target

      eufive_20210816-144801

    • Size

      482KB

    • MD5

      5ba895fb23729ffbb001e5dfe74aa132

    • SHA1

      7a2b094329f369ff5a67971c3a71c46775e93000

    • SHA256

      7fc66f244e022341520c4af91172ec3833c36b95624ee5c510086cd8d71db7ae

    • SHA512

      34ad4a38eb4983018e1c626550378ef4622be2fb02b74d1bacf9155cc835fb838a092c53b5b46e1ee45eac4ba13e723e661bb5e969480a56d2839d14d79c8cde

    Score
    10/10
    poullightstealertrojan

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks