9342b721a094c6b8687b8a0b3f3e69109ec0135350435c80ae0676a277c3c77d | Triage

Submit
Reports

Overview

overview

9

Static

static

3

poisson.exe

windows11-21h2-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

poisson.exe
Size

107.1MB
Sample

240808-t4qc5swdjq
MD5

61c459021b9f18691dd574578e2f62b5
SHA1

57ddfe62e58ca6a2fb899bc29e011c30870c6379
SHA256

9342b721a094c6b8687b8a0b3f3e69109ec0135350435c80ae0676a277c3c77d
SHA512

83c03c38c9b7875ff4d69d4f2704811f45b19f66b4ebf26c4ae1cf4191a69bb330d980a39a450541e4154020aa42a965905d4be92d9f3a55f86752179dcb9155
SSDEEP

3145728:LgYRPSC++6y97iX5M3gbcKCVL2qHO5iDev279SY4:LxaC4y9uE2CVBHCiyv2p4

Score

9^/10

credential_access discovery evasion pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

poisson.exe

Resource

win11-20240802-en

credential_access discovery evasion spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  poisson.exe
- Size
  
  107.1MB
- MD5
  
  61c459021b9f18691dd574578e2f62b5
- SHA1
  
  57ddfe62e58ca6a2fb899bc29e011c30870c6379
- SHA256
  
  9342b721a094c6b8687b8a0b3f3e69109ec0135350435c80ae0676a277c3c77d
- SHA512
  
  83c03c38c9b7875ff4d69d4f2704811f45b19f66b4ebf26c4ae1cf4191a69bb330d980a39a450541e4154020aa42a965905d4be92d9f3a55f86752179dcb9155
- SSDEEP
  
  3145728:LgYRPSC++6y97iX5M3gbcKCVL2qHO5iDev279SY4:LxaC4y9uE2CVBHCiyv2p4
Score

9^/10

credential_access discovery evasion spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryevasionspywarestealer

© 2018-2025

Terms | Privacy