General
- Target: a3ddb7439f1d6e996ed7dc74a257b32a4dc0d5c0567b9752b658177de0084b0b
- Size: 1.3MB
- Sample: 220520-2mrhwaaffq
- MD5: 7f3c87f33433b322b440b546e3a638ab
- SHA1: 149592f8b46d4f7210e0a260b89ab55a0eb73a73
- SHA256: a3ddb7439f1d6e996ed7dc74a257b32a4dc0d5c0567b9752b658177de0084b0b
- SHA512: 3346b6217af345efec567bf3aea88001fe1830f13c274ffde4e87a949f05b0eaea5ab4dea08ddde01dde31ccaf2cf2c89ca6012a25a277983d064e181a437641
Static task: static1
Behavioral task: behavioral1
- Sample: a3ddb7439f1d6e996ed7dc74a257b32a4dc0d5c0567b9752b658177de0084b0b.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Poullight Stealer Payload
- suricata: ET MALWARE Win32/X-Files Stealer Activity
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger