poullight

General

Target

1f0bd4d06afe14ac132041dd2a00bc8a1e9e365da51e95abd48c2dc5187f2adb
Size

515KB
Sample

220503-sf6jsacdck
MD5

22fc7ac275911cacec082e0bf88b8cfc
SHA1

48dbcfac99b8441dd44514506191ef8e116cd69f
SHA256

1f0bd4d06afe14ac132041dd2a00bc8a1e9e365da51e95abd48c2dc5187f2adb
SHA512

882d847c0e1549ba9c36aed7972116d4930839742e3da62e6e93a237934ddd7cb7b612b9ff8c83cba647e01cabe0e4d7746002940408f4fc36448ed4a391e34e

Score

10^/10

Malware Config

Targets

- Target
  
  1f0bd4d06afe14ac132041dd2a00bc8a1e9e365da51e95abd48c2dc5187f2adb
- Size
  
  515KB
- MD5
  
  22fc7ac275911cacec082e0bf88b8cfc
- SHA1
  
  48dbcfac99b8441dd44514506191ef8e116cd69f
- SHA256
  
  1f0bd4d06afe14ac132041dd2a00bc8a1e9e365da51e95abd48c2dc5187f2adb
- SHA512
  
  882d847c0e1549ba9c36aed7972116d4930839742e3da62e6e93a237934ddd7cb7b612b9ff8c83cba647e01cabe0e4d7746002940408f4fc36448ed4a391e34e
Score

10^/10

poullight spyware stealer suricata trojan
- Poullight
  Poullight is an information stealer first seen in March 2020.
  trojan stealer poullight
- Poullight Stealer Payload
- suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
  suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- suricata: ET MALWARE Win32/X-Files Stealer Activity
  suricata: ET MALWARE Win32/X-Files Stealer Activity
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Poullight Stealer Payload

suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

suricata: ET MALWARE Win32/X-Files Stealer Activity

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2