Overview

overview

10

Static

static

13add5fa2b...51.exe

windows7_x64

10

13add5fa2b...51.exe

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51

  • Size

    9.8MB

  • Sample

    220503-x15v7sdcak

  • MD5

    cb51ae996b700ee7bdea174e68be0d1f

  • SHA1

    51b4827138e91bbc786e18c2cf8359fce208f23e

  • SHA256

    13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51

  • SHA512

    4ecaab37da9352c9264b68cd0b9ca0392b6ec7cbc1017e703ed139285c5f1ef499f56a64ccc0543fb00769201c406226d2cce4074e56f70d31ee33cd71d0117a

Score
10/10
poullightspywarestealertrojan

Malware Config

Targets

    • Target

      13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51

    • Size

      9.8MB

    • MD5

      cb51ae996b700ee7bdea174e68be0d1f

    • SHA1

      51b4827138e91bbc786e18c2cf8359fce208f23e

    • SHA256

      13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51

    • SHA512

      4ecaab37da9352c9264b68cd0b9ca0392b6ec7cbc1017e703ed139285c5f1ef499f56a64ccc0543fb00769201c406226d2cce4074e56f70d31ee33cd71d0117a

    Score
    10/10
    poullightspywarestealertrojan

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks