General
-
Target
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
Size
515KB
-
Sample
220508-xxj5bsfhc5
-
MD5
8d5f2486b1079ca616a5777ee1780c42
-
SHA1
726e086076e11f277df3d24fb5830b658458d42f
-
SHA256
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
SHA512
40157e363ceea085713dbd3a6a7ce0923f1f48923f7cc475c05f1d4f442314d0cc84b48b5684b188e3eac81d8c58eaece77dddefe48f5c6e73dce6ef6ed4f43f
Malware Config
Targets
-
-
Target
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
Size
515KB
-
MD5
8d5f2486b1079ca616a5777ee1780c42
-
SHA1
726e086076e11f277df3d24fb5830b658458d42f
-
SHA256
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
SHA512
40157e363ceea085713dbd3a6a7ce0923f1f48923f7cc475c05f1d4f442314d0cc84b48b5684b188e3eac81d8c58eaece77dddefe48f5c6e73dce6ef6ed4f43f
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-