General
-
Target
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
Size
515KB
-
Sample
220508-xxj5bsfhc5
-
MD5
8d5f2486b1079ca616a5777ee1780c42
-
SHA1
726e086076e11f277df3d24fb5830b658458d42f
-
SHA256
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
SHA512
40157e363ceea085713dbd3a6a7ce0923f1f48923f7cc475c05f1d4f442314d0cc84b48b5684b188e3eac81d8c58eaece77dddefe48f5c6e73dce6ef6ed4f43f
Static task
static1
Behavioral task
behavioral1
Sample
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
Size
515KB
-
MD5
8d5f2486b1079ca616a5777ee1780c42
-
SHA1
726e086076e11f277df3d24fb5830b658458d42f
-
SHA256
cfe1c6bcb447ae13896a876e473912703a96c52b0db8d7362aa026ca31bd535f
-
SHA512
40157e363ceea085713dbd3a6a7ce0923f1f48923f7cc475c05f1d4f442314d0cc84b48b5684b188e3eac81d8c58eaece77dddefe48f5c6e73dce6ef6ed4f43f
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-