General

  • Target

    195d1e5346987523a6700257c747427f56d5562368f7305d964bbcfee56bbd29

  • Size

    515KB

  • Sample

    220427-rfbhzageg6

  • MD5

    1978b7912d4575831e9fe4b6feb7f8e6

  • SHA1

    beeb41ecf84c7de3fe9a7758b3c12f7f7da9e1ef

  • SHA256

    195d1e5346987523a6700257c747427f56d5562368f7305d964bbcfee56bbd29

  • SHA512

    289a2c2dafec5e9ebd396ba95af3e9e762a98b981d8cb71f41827321046502315fbd8a1dccaae2bbfaae5efe4834457c21b9befdca135a194ec8874ecc29dc10

Targets

    • Poullight

      Poullight is an information stealer first seen in March 2020.

    • Poullight Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
