Overview

overview

10

Static

static

8

6c1f750d13...81.exe

windows7_x64

10

6c1f750d13...81.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81

  • Size

    5.4MB

  • Sample

    220625-gzgtzsbcf6

  • MD5

    1d68e030480a91f06de241d9118741e9

  • SHA1

    d129d9a59b9adad44e18fcd1d42348de85c6153f

  • SHA256

    6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81

  • SHA512

    1d59b70b905b1f8a2b05e687afa980e84d485ac414e7932d80cbedc49b8c727cf2c3b21562e3feae94b5f0fbabf8bc5581e4592fcf5f4432b1217051d072303b

Score
10/10
poullightspywarestealertrojanvmprotect

Malware Config

Targets

    • Target

      6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81

    • Size

      5.4MB

    • MD5

      1d68e030480a91f06de241d9118741e9

    • SHA1

      d129d9a59b9adad44e18fcd1d42348de85c6153f

    • SHA256

      6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81

    • SHA512

      1d59b70b905b1f8a2b05e687afa980e84d485ac414e7932d80cbedc49b8c727cf2c3b21562e3feae94b5f0fbabf8bc5581e4592fcf5f4432b1217051d072303b

    Score
    10/10
    poullightspywarestealertrojanvmprotect

    • Poullight

      Poullight is an information stealer first seen in March 2020.

      trojanstealerpoullight

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks