General
-
Target
d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e
-
Size
515KB
-
Sample
220507-3gnepscfhl
-
MD5
1ed9caa53a1c162c5c1d3d54ad8dfcd2
-
SHA1
9933ba50d7fa299a2e1b7b0db71767ead0ff19a0
-
SHA256
d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e
-
SHA512
c6fd52990d0653f5483a2e59cfcaee66159d171afb0a3b4ab33246726331b28a2f712ee93a1228d94e36a908a7e2c7ab9f7170a9ccf7934e3f441b045228c839
Malware Config
Targets
-
-
Target
d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e
-
Size
515KB
-
MD5
1ed9caa53a1c162c5c1d3d54ad8dfcd2
-
SHA1
9933ba50d7fa299a2e1b7b0db71767ead0ff19a0
-
SHA256
d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e
-
SHA512
c6fd52990d0653f5483a2e59cfcaee66159d171afb0a3b4ab33246726331b28a2f712ee93a1228d94e36a908a7e2c7ab9f7170a9ccf7934e3f441b045228c839
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-