Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 0s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/01/2024, 10:44
Behavioral tasks (sample, resource)
behavioral1: Loader/Loader.exe on win7-20231215-en
behavioral2: Loader/Loader.exe on win10v2004-20231215-en
behavioral3: Loader/etc/luIelD.dll on win7-20231215-en
behavioral4: Loader/etc/luIelD.dll on win10v2004-20231215-en
behavioral5: Loader/php5ts.dll on win7-20231215-en
behavioral6: Loader/php5ts.dll on win10v2004-20231215-en
General
Target: Loader/Loader.exe
Size: 3.1MB
MD5: 101e969cb9e549d113836856f526d4b5
SHA1: 9361431a7d69e92e20f163f10fc5a3b40c27bd0a
SHA256: 8cf069c7b965893d12c9df25b24a60594693a158b8209d21f5d7213fc5ed41eb
SHA512: 01f858a4c9b329f8696880fbff6b886cfae6e793afb448f79734cb7ea149baeaa3deaeec0bf62a34bfed5f634331ac4d6be7fee971588cba8921d7c41761ba00
SSDEEP: 49152:XpFctP0vfTi05cfHQDVaztRT5hvEy87QS6J:XpFWPOCQQd2QSm
Malware Config
Signatures
Poullight Stealer payload (3 IoCs)
resource | yara_rule
behavioral2/files/0x0009000000023200-4.dat | family_poullight
behavioral2/memory/1624-23-0x0000000000400000-0x0000000000720000-memory.dmp | family_poullight
behavioral2/memory/2196-12-0x00000267941F0000-0x0000026794210000-memory.dmp | family_poullight
All three hits come from behavioral2 (Loader/Loader.exe on win10v2004-20231215-en): one dropped file and two process memory regions, in PID 1624 and PID 2196.
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Processes
PID 1624  "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"  (depth 1, root)
  PID 4120  "C:\Users\Admin\AppData\Local\Temp\Loader.exe"  (depth 2, child of PID 1624)
  PID 2196  "C:\Users\Admin\AppData\Local\Temp\build.exe"  (depth 2, child of PID 1624)
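To use the Signatures and Processes sections together, here is an added Python example (not tria.ge code and not part of this report) that parses the family_poullight IoC resource names and the process tree shown above, joins each memory-dump hit to the PID that owns it and to that PID's parent, and labels the flagged region. The input lists are copied verbatim from the report. The dump-name layout `<pid>-<dump#>-<start>-<end>-memory.dmp` is inferred from the names on the page, and the region labels (default ImageBase, 64-bit address space) are heuristics; both are assumptions of this example.

```python
"""Join tria.ge signature IoCs to the report's process tree (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the report's Signatures table (constructed list for this example).
IOC_LINES = [
    ("behavioral2/files/0x0009000000023200-4.dat", "family_poullight"),
    ("behavioral2/memory/1624-23-0x0000000000400000-0x0000000000720000-memory.dmp", "family_poullight"),
    ("behavioral2/memory/2196-12-0x00000267941F0000-0x0000026794210000-memory.dmp", "family_poullight"),
]

# Copied from the report's Processes tree: (tree depth, image path, PID).
PROCESS_LINES = [
    (1, r"C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe", 1624),
    (2, r"C:\Users\Admin\AppData\Local\Temp\Loader.exe", 4120),
    (2, r"C:\Users\Admin\AppData\Local\Temp\build.exe", 2196),
]

# Assumed layout of tria.ge memory-dump names: <pid>-<dump#>-<start>-<end>-memory.dmp
MEM_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
FILE_RE = re.compile(r"^(?P<task>[^/]+)/files/(?P<name>[^/]+)$")


@dataclass
class Proc:
    pid: int
    path: str
    parent: Optional[int]

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def build_tree(lines):
    """Turn (depth, path, pid) rows into PID -> Proc, inferring parents from tree depth."""
    procs, last_at_depth = {}, {}
    for depth, path, pid in lines:
        parent = last_at_depth.get(depth - 1)  # nearest preceding entry one level up
        procs[pid] = Proc(pid, path, parent)
        last_at_depth[depth] = pid
    return procs


def classify_region(start: int, end: int) -> str:
    """Heuristic label for a flagged range (assumption: 0x400000 is the default 32-bit PE ImageBase)."""
    if start == 0x400000:
        return "likely main image at default ImageBase 0x400000 (not relocated by ASLR)"
    if end > 0xFFFFFFFF:
        return "allocated region above 4 GiB: 64-bit process, non-image memory"
    return "allocated region in 32-bit address space"


def correlate(ioc_lines=IOC_LINES, process_lines=PROCESS_LINES):
    """Join memory-dump IoCs to the process tree; file IoCs are returned separately."""
    procs = build_tree(process_lines)
    mem_hits, file_hits = [], []
    for resource, family in ioc_lines:
        if m := MEM_RE.match(resource):
            pid = int(m["pid"])
            start, end = int(m["start"], 16), int(m["end"], 16)
            proc = procs.get(pid)
            mem_hits.append({
                "task": m["task"], "family": family, "pid": pid,
                "image": proc.image if proc else "<pid not in tree>",
                "parent": proc.parent if proc else None,
                "start": start, "size": end - start,
                "note": classify_region(start, end),
            })
        elif m := FILE_RE.match(resource):
            file_hits.append({"task": m["task"], "family": family, "name": m["name"]})
    return mem_hits, file_hits


if __name__ == "__main__":
    mem, files = correlate()
    for h in mem:
        print(f"{h['task']} pid={h['pid']} {h['image']} (parent {h['parent']}) {h['family']} "
              f"@0x{h['start']:X} size=0x{h['size']:X}: {h['note']}")
    for f in files:
        print(f"{f['task']} dropped file {f['name']}: {f['family']}")
```

Run as-is, it shows what the flat table hides: the hit in PID 1624 (Loader.exe, the root) covers 0x320000 bytes starting at 0x400000, the default 32-bit ImageBase, which is consistent with the 3.1MB sample being detected inside its own mapped image; the hit in PID 2196 (build.exe, spawned by Loader.exe) is a 0x20000-byte region at 0x267941F0000, an address that only exists in a 64-bit process, so it is a small non-image allocation in a child of different bitness rather than a second copy of the loader image. PID 4120 has no hit in this report.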