General
Static task
static1
URLScan task
urlscan1
Sample
https://dropmefiles.com/siP2T
Malware Config
Targets
-
-
Poullight Stealer Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Executes dropped EXE
-
Loads dropped DLL