Overview

overview

10

Static

static

10

fe75c6dd72...71.exe

windows7_x64

10

fe75c6dd72...71.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-05-2022 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe75c6dd720394044ce6f42835d73af170ee8a0c4dc937781c0bcb1abe823571.exe

  • Size

    100KB

  • MD5

    9afb72148ccd26b39a6627ce80881f52

  • SHA1

    edaf644e5115a920909ed2c40b38f7aafeb22d9f

  • SHA256

    fe75c6dd720394044ce6f42835d73af170ee8a0c4dc937781c0bcb1abe823571

  • SHA512

    806ad09c08bdd9646ca2165a2f18282840403e4c46462735dbe20442e762b4974896d508cec0e863e95bc3a4fe743f5921e0d676fa72a443619fab652aec3106

Score
10/10
poullightspywarestealersuricatatrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer Payload 1 IoCs
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    suricata
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe75c6dd720394044ce6f42835d73af170ee8a0c4dc937781c0bcb1abe823571.exe
    "C:\Users\Admin\AppData\Local\Temp\fe75c6dd720394044ce6f42835d73af170ee8a0c4dc937781c0bcb1abe823571.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3932-130-0x0000019C34AC0000-0x0000019C34AE0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/3932-131-0x00007FF9024F0000-0x00007FF902FB1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3932-132-0x0000019C36630000-0x0000019C3663A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3932-133-0x0000019C509B0000-0x0000019C50B72000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3932-134-0x0000019C510B0000-0x0000019C515D8000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/3932-135-0x0000019C4F810000-0x0000019C4F822000-memory.dmp
    Filesize

    72KB

    Download