General
- Target: ec77d58c6a989738074bd03e0cdb714044579ba64543d55ef07adbc4da80f479
- Size: 5.2MB
- Sample: 220525-aqx2aadab2
- MD5: 9f67824dedc0e11e50cddb66e307895e
- SHA1: dd25ef4977585f1eea01a26604bd92c3fc82a49d
- SHA256: ec77d58c6a989738074bd03e0cdb714044579ba64543d55ef07adbc4da80f479
- SHA512: 6631e0b9cfb5f8f4f1f191462c80eb78b32ac897ec228dcf37ded2d7364aca4f54e6f891bf9c9e1a6d1a1f5fc8fdf64853ead5dd8222f141e436b95063062857

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: ec77d58c6a989738074bd03e0cdb714044579ba64543d55ef07adbc4da80f479.exe
  - Resource: win7-20220414-en

Malware Config

Targets
- Target: ec77d58c6a989738074bd03e0cdb714044579ba64543d55ef07adbc4da80f479 (5.2MB; same MD5/SHA1/SHA256/SHA512 as listed under General)
- Signatures:
  - Poullight Stealer Payload
  - suricata: ET MALWARE Matrix Max Stealer Exfiltration Observed
  - suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  - suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  - suricata: ET MALWARE Win32/X-Files Stealer Activity
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger