General
-
Target
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
Size
4.8MB
-
Sample
220312-ah3xkadba5
-
MD5
45f8507e73bdce9b9e1467709d29d5b0
-
SHA1
bc96a4350d48c08b08207c82d14ff2392f24aa8e
-
SHA256
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
SHA512
2b05dea1ff7ba6ce3c62519f606943c962c496e189f6c69353f07549f1b3d4a0c3ef9517cc7248061fef692628d632e734594fe906739078b89868e7a9cb4e3a
Static task
static1
Behavioral task
behavioral1
Sample
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186.exe
Resource
win7-20220311-en
Malware Config
Targets
-
Poullight Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-