Overview

overview

10

Static

static

URLScan

urlscan

https://dropmefiles....

windows10_x64

10

Resubmissions

06-11-2021 18:20

211106-wyxw5scdbm 10

06-11-2021 18:16

211106-wwvzrscchr 8

06-11-2021 18:14

211106-wvldyacchj 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://dropmefiles.com/siP2T

  • Sample

    211106-wyxw5scdbm

Score
10/10
poullightspywarestealersuricatatrojanvmprotect

Malware Config

Targets

    • Target

      https://dropmefiles.com/siP2T

    Score
    10/10
    poullightspywarestealersuricatatrojanvmprotect

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

      suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks