General
-
Target
927571741d81bafe08ebd1c074c810d9ccf55c624133c9ebc3d285d0d804c0fd
-
Size
3.0MB
-
Sample
220524-2ewgvsebfk
-
MD5
4e1ae916a283ff087b4daf71f73540cf
-
SHA1
c9f8cb325b0dc69638984060c100604bf61cf0fd
-
SHA256
927571741d81bafe08ebd1c074c810d9ccf55c624133c9ebc3d285d0d804c0fd
-
SHA512
87abe3370506db994bf456ff008905690f6fd7cbb10440a8fba17a1fbec13ed14a91f2466b8e2bec4ac36b8397655866871646ffdcf1ff30f973b8288c8abbf6
Malware Config
Targets
-
-
Target
927571741d81bafe08ebd1c074c810d9ccf55c624133c9ebc3d285d0d804c0fd
-
Size
3.0MB
-
MD5
4e1ae916a283ff087b4daf71f73540cf
-
SHA1
c9f8cb325b0dc69638984060c100604bf61cf0fd
-
SHA256
927571741d81bafe08ebd1c074c810d9ccf55c624133c9ebc3d285d0d804c0fd
-
SHA512
87abe3370506db994bf456ff008905690f6fd7cbb10440a8fba17a1fbec13ed14a91f2466b8e2bec4ac36b8397655866871646ffdcf1ff30f973b8288c8abbf6
Score10/10-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer Payload
-
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
suricata: ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-