General
-
Target
1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
-
Size
3.1MB
-
Sample
220520-fx9xbabdg3
-
MD5
3be8fa0b38501cdb368c5cf5a0615880
-
SHA1
52083abf2794b5f6f8a429ef5bf5fa552896832f
-
SHA256
1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
-
SHA512
4d60b1c7d41f9a03147cf1d81640d9b6cd09078c9a8e1634006f505c95cf81a3f0a2f3f31b6c925fd9c90be6c733cac7a54cadf19b0dd0b63ea2b2d8a78ea5bd
Malware Config
Targets
-
-
Target
1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
-
Size
3.1MB
-
MD5
3be8fa0b38501cdb368c5cf5a0615880
-
SHA1
52083abf2794b5f6f8a429ef5bf5fa552896832f
-
SHA256
1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
-
SHA512
4d60b1c7d41f9a03147cf1d81640d9b6cd09078c9a8e1634006f505c95cf81a3f0a2f3f31b6c925fd9c90be6c733cac7a54cadf19b0dd0b63ea2b2d8a78ea5bd
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/X-Files Stealer Activity
suricata: ET MALWARE Win32/X-Files Stealer Activity
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-