General
-
Target
9593b9378472dcb8e5e4adef932671382b6a9c7e4a2a06c3cfe72de5279c3837
-
Size
515KB
-
Sample
220508-xxmkfsfhc8
-
MD5
4f49935909c402b073e2bcf0df3320ec
-
SHA1
ce5eb1fa3286c03169823393efb7ed93fabf1e0f
-
SHA256
9593b9378472dcb8e5e4adef932671382b6a9c7e4a2a06c3cfe72de5279c3837
-
SHA512
c68243a392bbc200e82af219d6011a80d73d23dd3d91ed2106ae1e1c480741a986871913eae077b8c0bf2758e16b4184c899a2569a801dd7d3fb4ff18b6c77eb
Static task
static1
Behavioral task
behavioral1
Sample
9593b9378472dcb8e5e4adef932671382b6a9c7e4a2a06c3cfe72de5279c3837.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
9593b9378472dcb8e5e4adef932671382b6a9c7e4a2a06c3cfe72de5279c3837
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-