General
-
Target
59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
-
Size
515KB
-
Sample
220508-errm4saafn
-
MD5
418b9e449094989ce2d8018f2b249028
-
SHA1
d88ffaa50902882aa2678c8720ad0edb41af39bf
-
SHA256
59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
-
SHA512
77ec4f9a3e842a015af0d14e043d67ea28d112222572a4569dd6020a4da8a19fe1040d9678c85492c109f6c9b931ac05a0c7dc9b1d87ca62aa3c1e1ddb3c3588
Static task
static1
Behavioral task
behavioral1
Sample
59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
59cbea1c28d04adeb9e7e80f00700c64d042685d0f10a7a32cd092e5703a38a1
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-