General
-
Target
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
Size
4.8MB
-
Sample
220312-ah3xkadba5
-
MD5
45f8507e73bdce9b9e1467709d29d5b0
-
SHA1
bc96a4350d48c08b08207c82d14ff2392f24aa8e
-
SHA256
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
SHA512
2b05dea1ff7ba6ce3c62519f606943c962c496e189f6c69353f07549f1b3d4a0c3ef9517cc7248061fef692628d632e734594fe906739078b89868e7a9cb4e3a
Malware Config
Targets
-
-
Target
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
Size
4.8MB
-
MD5
45f8507e73bdce9b9e1467709d29d5b0
-
SHA1
bc96a4350d48c08b08207c82d14ff2392f24aa8e
-
SHA256
abe74eee7df3e17fffce1858c1defd482a585cfc0ad60a68fab4a21119adc186
-
SHA512
2b05dea1ff7ba6ce3c62519f606943c962c496e189f6c69353f07549f1b3d4a0c3ef9517cc7248061fef692628d632e734594fe906739078b89868e7a9cb4e3a
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-