Overview

overview

10

Static

static

c4e8282ef4...68.exe

windows7_x64

10

c4e8282ef4...68.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

  • Size

    129KB

  • Sample

    220625-fqpmssheb8

  • MD5

    67e323570213378a54e19b0ccdcf49f0

  • SHA1

    e95460434d6de33361167b935ce56c05b85250b9

  • SHA256

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

  • SHA512

    96e8dbe1fd75fac932a40bcf6fe4864596170317e37d0e93ce17877d61430e97ff9b32a7d7a178d463fcff421147e3817506d839041a067721991f3aebd3e7e4

Score
10/10
poullightstealertrojan

Malware Config

Targets

    • Target

      c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

    • Size

      129KB

    • MD5

      67e323570213378a54e19b0ccdcf49f0

    • SHA1

      e95460434d6de33361167b935ce56c05b85250b9

    • SHA256

      c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

    • SHA512

      96e8dbe1fd75fac932a40bcf6fe4864596170317e37d0e93ce17877d61430e97ff9b32a7d7a178d463fcff421147e3817506d839041a067721991f3aebd3e7e4

    Score
    10/10
    poullightstealertrojan

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • Poullight Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks