poullight | 68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a | Triage

Submit
Reports

Overview

overview

Static

static

68e275d3c9...5a.exe

windows7-x64

68e275d3c9...5a.exe

windows10-2004-x64

Sharing

General

Target

68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a
Size

520KB
Sample

230129-te5rjach92
MD5

5ba7d69bea5783cb7b6161fe55edfb02
SHA1

c443a1c1d861b436c2542f60746e2ce9e673b7f0
SHA256

68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a
SHA512

a7a845353729ab178a2cbe52f980d14e4a00985225cc5de8f87a9efca17e89c86af63adb3764bb0089aa051e1b9e07ac31a69117c7a3d24e5eb1b2c121057652
SSDEEP

12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbmbxbNUO+X1Y/eBHCqiQWAEd:U2G/nvxW3Ww0tmbXUHXHiw

Score

10^/10

poullight spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a.exe

Resource

win7-20221111-en

poullight spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a.exe

Resource

win10v2004-20221111-en

poullight spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a
- Size
  
  520KB
- MD5
  
  5ba7d69bea5783cb7b6161fe55edfb02
- SHA1
  
  c443a1c1d861b436c2542f60746e2ce9e673b7f0
- SHA256
  
  68e275d3c9a9ed2cb994b9e1600e50b0971c28f609f198bf7f2764cad0518e5a
- SHA512
  
  a7a845353729ab178a2cbe52f980d14e4a00985225cc5de8f87a9efca17e89c86af63adb3764bb0089aa051e1b9e07ac31a69117c7a3d24e5eb1b2c121057652
- SSDEEP
  
  12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbmbxbNUO+X1Y/eBHCqiQWAEd:U2G/nvxW3Ww0tmbXUHXHiw
Score

10^/10

poullight spyware stealer trojan
- Poullight
  Poullight is an information stealer first seen in March 2020.
  trojan stealer poullight
- Poullight Stealer payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

poullightspywarestealertrojan

behavioral2

poullightspywarestealertrojan

© 2018-2024

Terms | Privacy