Overview

overview

10

Static

static

a93b695b85...84.exe

windows7_x64

10

a93b695b85...84.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84.exe

  • Size

    954KB

  • MD5

    3da0cddc659c276b12782372d135f34f

  • SHA1

    3ab26c8831341fe28ce90a854d9c4f89400e5032

  • SHA256

    a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84

  • SHA512

    1b3ab172f4b1f03b20669160d827bddb32639c4f54f099d4cc4cca812702fcaeaf47ef9837407c0e63a1463f5d86d52a8d1f0507a6988f0e6f1e67e4c1d982e6

Score
10/10
poullightspywarestealersuricatatrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer Payload 1 IoCs
  • suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

    suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed

    suricata
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    suricata
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata
  • suricata: ET MALWARE Win32/X-Files Stealer Activity

    suricata: ET MALWARE Win32/X-Files Stealer Activity

    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84.exe
    "C:\Users\Admin\AppData\Local\Temp\a93b695b8578516cc724273a2094d4130768a957310167383b099f6859558c84.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4832

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4832-130-0x00000000008C0000-0x0000000000C44000-memory.dmp
    Filesize

    3.5MB

    Download
  • memory/4832-131-0x0000000006110000-0x00000000066B4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4832-132-0x0000000005C40000-0x0000000005CD2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4832-133-0x0000000005BE0000-0x0000000005BEA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4832-134-0x0000000005D50000-0x0000000005DB6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4832-135-0x00000000060F0000-0x00000000060FA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4832-136-0x0000000007E40000-0x0000000008002000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4832-137-0x0000000008540000-0x0000000008A6C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/4832-138-0x0000000007DD0000-0x0000000007DE2000-memory.dmp
    Filesize

    72KB

    Download