poullight

General

Target

59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
Size

515KB
Sample

220508-errm4saafn
MD5

418b9e449094989ce2d8018f2b249028
SHA1

d88ffaa50902882aa2678c8720ad0edb41af39bf
SHA256

59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
SHA512

77ec4f9a3e842a015af0d14e043d67ea28d112222572a4569dd6020a4da8a19fe1040d9678c85492c109f6c9b931ac05a0c7dc9b1d87ca62aa3c1e1ddb3c3588

Score

10^/10

Malware Config

Targets

- Target
  
  59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
- Size
  
  515KB
- MD5
  
  418b9e449094989ce2d8018f2b249028
- SHA1
  
  d88ffaa50902882aa2678c8720ad0edb41af39bf
- SHA256
  
  59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
- SHA512
  
  77ec4f9a3e842a015af0d14e043d67ea28d112222572a4569dd6020a4da8a19fe1040d9678c85492c109f6c9b931ac05a0c7dc9b1d87ca62aa3c1e1ddb3c3588
Score

10^/10

poullight spyware stealer trojan suricata
- Poullight
  Poullight is an information stealer first seen in March 2020.
  trojan stealer poullight
- Poullight Stealer Payload
- suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
  suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- suricata: ET MALWARE Win32/X-Files Stealer Activity
  suricata: ET MALWARE Win32/X-Files Stealer Activity
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Poullight Stealer Payload

suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

suricata: ET MALWARE Win32/X-Files Stealer Activity

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2