poullight | a2e8843e56a343eb851c92463c123b06c2edc8a7c4704ec51e4ba42405cdb9b4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

SALIKHACK/...CK.bat

windows7_x64

1

SALIKHACK/...CK.bat

windows10-2004_x64

1

SALIKHACK/...CK.exe

windows7_x64

SALIKHACK/...CK.exe

windows10-2004_x64

Sharing

General

Target

a2e8843e56a343eb851c92463c123b06c2edc8a7c4704ec51e4ba42405cdb9b4
Size

1.2MB
Sample

220520-fybqxabdg5
MD5

62e7d2855d5fcfef51ebb089e4c927ba
SHA1

66b9c8af6cec8c97a2c27d5a85bb3dfaa4f3a238
SHA256

a2e8843e56a343eb851c92463c123b06c2edc8a7c4704ec51e4ba42405cdb9b4
SHA512

c6fc9221ef2f26ed20e5e97195260d7a445175f4b3c9fdb8a48c9e0c2b4d21cf0998a408261eeb976b9ef9a1867313fd5624509b5f105ca37a43546e3eeefa2f

Score

10^/10

poullight persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SALIKHACK/SALIKHACK.bat

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SALIKHACK/SALIKHACK.bat

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

SALIKHACK/SALIKHACK.exe

Resource

win7-20220414-en

poullight spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

SALIKHACK/SALIKHACK.exe

Resource

win10v2004-20220414-en

poullight persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SALIKHACK/SALIKHACK.BAT
- Size
  
  238B
- MD5
  
  21a67af3a0e70534daf91c971545bc80
- SHA1
  
  23141575d04651a2cd778a33732805c468033ef0
- SHA256
  
  940dd6c2693be78a671cad250f75a5b5324b3350e2b2fc1cfc098293b934fdb3
- SHA512
  
  b79f1dd26beee4a6995b0d67f112e4dff152d05822e8482579b6bdbd414b06cfbdeb6f55f4cb41d1821e6e7b98bfa3852e1d163355b3de5cd985373f8a333e66
Score

1^/10
behavioral1 behavioral2
- Target
  
  SALIKHACK/SALIKHACK.exe
- Size
  
  3.1MB
- MD5
  
  3be8fa0b38501cdb368c5cf5a0615880
- SHA1
  
  52083abf2794b5f6f8a429ef5bf5fa552896832f
- SHA256
  
  1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
- SHA512
  
  4d60b1c7d41f9a03147cf1d81640d9b6cd09078c9a8e1634006f505c95cf81a3f0a2f3f31b6c925fd9c90be6c733cac7a54cadf19b0dd0b63ea2b2d8a78ea5bd
Score

10^/10

poullight spyware stealer trojan persistence
- Poullight
  Poullight is an information stealer first seen in March 2020.
  trojan stealer poullight
- Poullight Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

poullightspywarestealertrojan

behavioral4

poullightpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy