Overview

overview

10

Static

static

d42645562b...0e.exe

windows7_x64

10

d42645562b...0e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e

  • Size

    515KB

  • Sample

    220507-3gnepscfhl

  • MD5

    1ed9caa53a1c162c5c1d3d54ad8dfcd2

  • SHA1

    9933ba50d7fa299a2e1b7b0db71767ead0ff19a0

  • SHA256

    d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e

  • SHA512

    c6fd52990d0653f5483a2e59cfcaee66159d171afb0a3b4ab33246726331b28a2f712ee93a1228d94e36a908a7e2c7ab9f7170a9ccf7934e3f441b045228c839

Score
10/10
poullightspywarestealertrojan

Malware Config

Targets

    • Target

      d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e

    • Size

      515KB

    • MD5

      1ed9caa53a1c162c5c1d3d54ad8dfcd2

    • SHA1

      9933ba50d7fa299a2e1b7b0db71767ead0ff19a0

    • SHA256

      d42645562bb1cdc522100a017353eeb57b75be15e35ed9d1c225452469e72b0e

    • SHA512

      c6fd52990d0653f5483a2e59cfcaee66159d171afb0a3b4ab33246726331b28a2f712ee93a1228d94e36a908a7e2c7ab9f7170a9ccf7934e3f441b045228c839

    Score
    10/10
    poullightspywarestealertrojan

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks