General
-
Target
a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84
-
Size
954KB
-
Sample
220520-1wzeeaedb4
-
MD5
3da0cddc659c276b12782372d135f34f
-
SHA1
3ab26c8831341fe28ce90a854d9c4f89400e5032
-
SHA256
a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84
-
SHA512
1b3ab172f4b1f03b20669160d827bddb32639c4f54f099d4cc4cca812702fcaeaf47ef9837407c0e63a1463f5d86d52a8d1f0507a6988f0e6f1e67e4c1d982e6
Malware Config
Targets
-
-
Target
a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84
-
Size
954KB
-
MD5
3da0cddc659c276b12782372d135f34f
-
SHA1
3ab26c8831341fe28ce90a854d9c4f89400e5032
-
SHA256
a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84
-
SHA512
1b3ab172f4b1f03b20669160d827bddb32639c4f54f099d4cc4cca812702fcaeaf47ef9837407c0e63a1463f5d86d52a8d1f0507a6988f0e6f1e67e4c1d982e6
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-