Overview

overview

10

Static

static

10

Loader/Loader.exe

windows7-x64

10

Loader/Loader.exe

windows10-2004-x64

10

Loader/etc/luIelD.dll

windows7-x64

1

Loader/etc/luIelD.dll

windows10-2004-x64

1

Loader/php5ts.dll

windows7-x64

1

Loader/php5ts.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader/Loader.exe

  • Size

    3.1MB

  • MD5

    101e969cb9e549d113836856f526d4b5

  • SHA1

    9361431a7d69e92e20f163f10fc5a3b40c27bd0a

  • SHA256

    8cf069c7b965893d12c9df25b24a60594693a158b8209d21f5d7213fc5ed41eb

  • SHA512

    01f858a4c9b329f8696880fbff6b886cfae6e793afb448f79734cb7ea149baeaa3deaeec0bf62a34bfed5f634331ac4d6be7fee971588cba8921d7c41761ba00

  • SSDEEP

    49152:XpFctP0vfTi05cfHQDVaztRT5hvEy87QS6J:XpFWPOCQQd2QSm

Score
10/10
poullightstealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
    1⤵
      PID:1624
      • C:\Users\Admin\AppData\Local\Temp\Loader.exe
        "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
        2⤵
          PID:4120
        • C:\Users\Admin\AppData\Local\Temp\build.exe
          "C:\Users\Admin\AppData\Local\Temp\build.exe"
          2⤵
            PID:2196

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\build.exe
          MD5

          d41d8cd98f00b204e9800998ecf8427e

          SHA1

          da39a3ee5e6b4b0d3255bfef95601890afd80709

          SHA256

          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

          SHA512

          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

          Download Submit
        • memory/1624-23-0x0000000000400000-0x0000000000720000-memory.dmp
          Filesize

          3.1MB

          Download
        • memory/2196-12-0x00000267941F0000-0x0000026794210000-memory.dmp
          Filesize

          128KB

          Download
        • memory/2196-27-0x00000267945F0000-0x0000026794600000-memory.dmp
          Filesize

          64KB

          Download
        • memory/2196-24-0x00007FFB70850000-0x00007FFB71311000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/2196-30-0x00000267960C0000-0x00000267960CA000-memory.dmp
          Filesize

          40KB

          Download
        • memory/2196-54-0x00000267AF780000-0x00000267AF942000-memory.dmp
          Filesize

          1.8MB

          Download
        • memory/2196-57-0x00000267AFE80000-0x00000267B03A8000-memory.dmp
          Filesize

          5.2MB

          Download
        • memory/2196-74-0x00000267AF610000-0x00000267AF622000-memory.dmp
          Filesize

          72KB

          Download
        • memory/2196-104-0x00007FFB70850000-0x00007FFB71311000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/2196-105-0x00000267945F0000-0x0000026794600000-memory.dmp
          Filesize

          64KB

          Download
        • memory/4120-28-0x0000000000400000-0x00000000006A2000-memory.dmp
          Filesize

          2.6MB

          Download
        • memory/4120-25-0x0000000002340000-0x0000000002341000-memory.dmp
          Filesize

          4KB

          Download