Overview

overview

10

Static

static

edca2f8c36...09.exe

windows7_x64

10

edca2f8c36...09.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edca2f8c36f24dc6520a168a499c477ff880a0fb679bf3e08b227afb42805309

  • Size

    151KB

  • Sample

    220508-gz5wtacban

  • MD5

    9343386c659f66a4ddf860b64cf1fc55

  • SHA1

    9977986d2c647a9a51ec2a777d510d77f6006232

  • SHA256

    edca2f8c36f24dc6520a168a499c477ff880a0fb679bf3e08b227afb42805309

  • SHA512

    0a0a13acd2677fa5584dbc54bfe88358ffd8288002c6c23c9e3f7995d5b10c19fee588daf0df2a5030559af7c820d7a36b0f62aed6e514343769d0873256fd6b

Score
10/10
poullightspywarestealersuricatatrojan

Malware Config

Targets

    • Target

      edca2f8c36f24dc6520a168a499c477ff880a0fb679bf3e08b227afb42805309

    • Size

      151KB

    • MD5

      9343386c659f66a4ddf860b64cf1fc55

    • SHA1

      9977986d2c647a9a51ec2a777d510d77f6006232

    • SHA256

      edca2f8c36f24dc6520a168a499c477ff880a0fb679bf3e08b227afb42805309

    • SHA512

      0a0a13acd2677fa5584dbc54bfe88358ffd8288002c6c23c9e3f7995d5b10c19fee588daf0df2a5030559af7c820d7a36b0f62aed6e514343769d0873256fd6b

    Score
    10/10
    poullightspywarestealersuricatatrojan

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

      suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

      suricata

    • suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

      suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • suricata: ET MALWARE Win32/X-Files Stealer Activity

      suricata: ET MALWARE Win32/X-Files Stealer Activity

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks