General

  • Target

    435c9e12d8c0f1e07e43a2154ed4752b5a037e69d9e88522f9c80e6a4ae83a34

  • Size

    515KB

  • Sample

    220427-reg95aged7

  • MD5

    ad552d70cef0c066811758ccf2bca571

  • SHA1

    7d12f604047eb7a28332e2c33e72e9af8c8ccb2d

  • SHA256

    435c9e12d8c0f1e07e43a2154ed4752b5a037e69d9e88522f9c80e6a4ae83a34

  • SHA512

    4a0dc9241ce771f4c151f745a80f1a79ef9f73768fd99714a1e1bfeabc4d1f4bf8c857b58ffc2b87de645041e62af66aacc9387ca722332b622d8fd476711180

Malware Config

Targets

    • Poullight

      Poullight is an information stealer first seen in March 2020.

    • Poullight Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive data.

MITRE ATT&CK Enterprise v6

Tasks