General
-
Target
d91a59d7389e867572de42303caf07f85aa6ba13685c47fcf2f8ba1c8cde8d29
-
Size
515KB
-
Sample
220502-3wtj9scfb9
-
MD5
44f6d2d963dc3765b4f40deb9b65a1ad
-
SHA1
6141a491d23d23240ad595fc654eab3c441e34ed
-
SHA256
d91a59d7389e867572de42303caf07f85aa6ba13685c47fcf2f8ba1c8cde8d29
-
SHA512
a0bfa528f8b1853bc53bc5a8e55d1654fbb407c2dd53b30f930e82311bc2025c02fc3bdb994f5ecc478b89db47790a8a6be2398b84f5d87d0213fead4bf6f837
Malware Config
Targets
-
-
Target
d91a59d7389e867572de42303caf07f85aa6ba13685c47fcf2f8ba1c8cde8d29
-
Size
515KB
-
MD5
44f6d2d963dc3765b4f40deb9b65a1ad
-
SHA1
6141a491d23d23240ad595fc654eab3c441e34ed
-
SHA256
d91a59d7389e867572de42303caf07f85aa6ba13685c47fcf2f8ba1c8cde8d29
-
SHA512
a0bfa528f8b1853bc53bc5a8e55d1654fbb407c2dd53b30f930e82311bc2025c02fc3bdb994f5ecc478b89db47790a8a6be2398b84f5d87d0213fead4bf6f837
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-