Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
16-09-2024 06:22
General
-
Target
Trojan.MSIL.Poullight.PA.exe
-
Size
3.1MB
-
MD5
3be8fa0b38501cdb368c5cf5a0615880
-
SHA1
52083abf2794b5f6f8a429ef5bf5fa552896832f
-
SHA256
1d0c2228e4f710999bd97385b1595cd48bc9b79a837a01eff63efb470a1f92ba
-
SHA512
4d60b1c7d41f9a03147cf1d81640d9b6cd09078c9a8e1634006f505c95cf81a3f0a2f3f31b6c925fd9c90be6c733cac7a54cadf19b0dd0b63ea2b2d8a78ea5bd
-
SSDEEP
49152:eFnAp4kyST0QX9i41ZmCq6M+s8KuqGaX0ToIBAUZLYRXcYz7NWu22wS3BNM8:eFw7ySwQX9iC4n0JBAUZLuMYz1BN
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer payload 3 IoCs
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 3 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Trojan.MSIL.Poullight.PA.exe"C:\Users\Admin\AppData\Local\Temp\Trojan.MSIL.Poullight.PA.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\build.exe"C:\Users\Admin\AppData\Local\Temp\build.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\SALIK.exe"C:\Users\Admin\AppData\Local\Temp\SALIK.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://jq.qq.com/?_wv=1027&k=57Cts1S3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD57d637ba331ba7c557cc70bac0829a200
SHA119078a384308cc7065d7c3ea1ca0e53308a4dc88
SHA2561c699c12a50983bae416bf828aaf9995314d0dd45a9950380d4df1094a5c8cc6
SHA51202698e5516b8845a1412b541f3046e9da359b7deb843be88d9f24af1f365afbcce167a7507c728249bd904150beecf6c448a9a4a67d7500d5fcafa32f5fa3468
-
Filesize
342B
MD51d18e8356d02f7e605da04c2c3238f8f
SHA1c2c0f59cce2009166ee7ddbe5e29c9260da05b19
SHA256da4bd3bc03c5066b042b0c6e6e20132a6e3b17e4ebf7ce02c7dd5e4f3990094c
SHA51263f40bd994553000894170e6c605e12e28fc0bb1177f2dec1002031ab49ef8175fa5726da5665b0e56f654ba486b3a920772ccc79a3f8e35594a6350bc8e2c92
-
Filesize
342B
MD5197769f1fbd1dca3317ad58652667909
SHA1b50ed69975d61fc90de4faa4dec0f2c283c51b67
SHA256c5898c1b76a2204017c8761dd3d78f4d8935efe006fcfbdd799fec149434068f
SHA512f6a2b0a1ea3910df20f9dab91867ea03c4af76d937f76a8035f24fdab2f01222aebc4c5e9fccbccddcb836372ea7d13a4e1359790ede7a85ed7d71e87c0c8ff0
-
Filesize
342B
MD54bd88970f71bc4cc9dd6ca01a08061e0
SHA1aa2ac152f0a03f1996635e7948ac4e02e2fb8407
SHA256419f45c7d1f564372dbb4813a409665efdbade519b9c5c471386e5bc8725f3af
SHA51232a7cfb28cccd6bb564852fda5e884e9975f830a48c31c92d832c2a810073057e329c586f7fa0cfdbf3fc5907082aae7dabade88bfa03d60d5f4bb00963f103b
-
Filesize
342B
MD59cda39ffea36ee4721fe36f9b8f82982
SHA1acdb12e00e0450b5963d041b3e5a41347f5216af
SHA2567ab14bf41a558525f83bf80117ebfe5c087c6ecdde76f440c397124912c21379
SHA5123cd147fba11bd6d2b293c92a6fa64e999e0bbab7c8b2b8eb20e072e2f9fc34cc75d98a9f5112cf6dbfe37976bad6f1e77687a8f11d93ede37b3fd51d67435ea1
-
Filesize
342B
MD5789f839ffc7f2070a7d8a0a13d2322d6
SHA165ef970ac71cbb19adc9cc897eeeb5b77d3a7618
SHA2560a933e4b7cafff3472b7217bd701a640c78c1f4c114002619735a47662c59d4f
SHA512b3b4df79c8e35da4ed93cf61fe8e06514dc09c6f6e8b50398d3bdbb821bdcaa06d5151fbca4fd222fb917bf3fa843cbd9b20f2983f5be3e5e03810943fe17440
-
Filesize
342B
MD5e719072cdced886d7c6910a9f0708c64
SHA1b8ef42f49a16f6962c9e918c881d2e9531ee068e
SHA25632944ca70b8a3ac98ea40fcabdcfa97457b92e653e5316bdae1d0c820c28f827
SHA512933f273b69b5a757abff52ed9c8a483a4fa027465a4968a0b074d9afe7eea06bf8c43ee024bc6925bc8e4014f78e610b1deae68f7bb6edcb8d483b06e2c3fc85
-
Filesize
342B
MD54eb6ed8a3581ac186612c1f019b70dad
SHA1f07727f59c7ae03d57621012dadc544989762594
SHA2569968772b9f3729b63b5bab4cabebfd60a2881c3b4f804d3f7acb21052b8b0425
SHA5129bc361f256f70e7be7703397e5d376d70bc1899df00b9dcbd4b9fb73515bfb2df05e64527a7db456a53acd013ae271a6fe8e6562637a3e7e472efa190a18fa51
-
Filesize
342B
MD56f4873dec87d6f77c64c1d21f44bec15
SHA14643d899a1bdb813a4a2095b8da502ba16a1ba60
SHA25663c107000c5d9792f549dea401e53ee7fb242592365d5c86f6fa8a4d5f121c85
SHA5128bb40a1f4ff47c6fde2f1c8c6e132c182388924b314ab492c74333072a6610e41fad380d3f4ac7c3c158034d9fd40c2a5350aab058561a792387465a5a045ca6
-
Filesize
342B
MD54e05d068da805f4398070d415044cc8e
SHA1b090c503fcd14cb0a6d18ff843058c189f4804b4
SHA2567975b210d1d2c9557496760ea5531385fa93575f4dd756422112bc6dd55c50a4
SHA51299316baf6703109c99ac8d33799cba63243e3c88504aca857c0ea815bd38d31b07cce67b1bb16ca78f1a6e2e95b80eea398112775477125596f67f78b00cd6ce
-
Filesize
342B
MD576ec81abba30f313556d8e02fe699f6e
SHA178f26a97dc167bad3bfb5fced80dfe1e891681a6
SHA2563a27177cc7ce8e8ae6578c56665ca745851aa33d8ce735c4891adf13079bd341
SHA512146334d8258ede32b0a8608c229a00cc5a61d710e0aea1a4b64bcb18fa28a15807030f49b8448c9ff8107473b754051dfed79274266baad3f663fb77261dd036
-
Filesize
342B
MD50cfd358c473e29dd9d7a03b97a278979
SHA1586955b5124f2cbd228b55cf944d3ab8a5446f64
SHA256275d93a39eb23e751eb21533b91433d869cfead237f176e8a5c349b0227f676c
SHA5129fa851ad99c938ca64d782488d9beb449bd432abf84e2b4d871911084458ff121ff1fd576735791dfee22521fd0134883adff8008b6872fdd6de7ecec7b86d4f
-
Filesize
342B
MD53811419ace1e728fff02efbd44fa4839
SHA19a34623ae5b360de78e0c96e5fa051e3b0ad4852
SHA25651033d1f87761715596771ff013cc46880ffe5fbf338c62c4b3aca03f79701b6
SHA5121292438ad491bd5d139c8ee53949a61ea7ea09bb005b90e545ac7288a0e9cb2e085205ae8b20f479c9d03db2c0abd39fabb877bf19b091a149328d7e7e393ee8
-
Filesize
342B
MD5518cfe4700b6ceac4cde6a50b279617b
SHA103d4939a61187e7df8f5ef1b1fdbfbd6c7962430
SHA2562536912bee3b0102bf502244ec4e2986fcc8a5abc5bdb9d68697a6c6889c3176
SHA5122149632a6857be33f9c3b1f895dbddba9c72d7fb131d36e253bb4df1dc6d80de7e42c5f4b660c8cedcd1043a3f7864c80846e4a55b09113eae3d1564d0621061
-
Filesize
342B
MD5e3849ddb1c35f0c7e4400f46a5c9c1aa
SHA1ae0cde4d2eb6fd563954b91f721d7293859f1a80
SHA2565124db183ad216fbbb9e4d3271a7a92e0629d4966bbeae1dd50e0b7f5f09c5d3
SHA512aeae0448a82d66f67bd4db98957f60a3d41bac8aace28faa60feb3dfb83658c9dbb739efd5d577f6af643db05e56732658c98216500b823e94eefb2919007545
-
Filesize
342B
MD59c95059cab1f42c10371c58503058eda
SHA149dd4576f908faea450cb5bbe2337b4c55766b25
SHA2564de9c1edbc4790b16f80305b83a770b0372d1efd29e86b90a85e2b3c2c680c27
SHA512761248b946ae398b829fba6eb3dc3d291133ad906befaa2ea7396c42b678927278632088edee67b3b4ca146e400fefac695f54de945d9a3918bf25afd51359dc
-
Filesize
342B
MD52ee396dcfe963c4ff065e81ddcd86cc8
SHA1d61885e0108b69e6c230bada6e22528665dd2ea7
SHA2564341f0186ac411b241623492763c1a07a1b4ab639d18f9d987311d2d0bc21024
SHA512631061796e946801bdc1a26a7c66f7cf8e4704e2ea10cf9c803add0d4739122e326e28420d4ea2a1878da4106b0334b3bfe19f413b3f074385da3d6ba8892ac8
-
Filesize
342B
MD5f1dd3d5ea8480da6c41aaa6aeff12aaf
SHA18f5398a3fb061369e7c388f30849673df0e783bd
SHA256c6629ef9d16077112dc7e518294a72f67e42360a76a7da8e0f489b517b805423
SHA5126d7512fd66f5e62dca39a9d321b0b3b78e2b54d66543f9db8ab65045e63c4a2367b3ba74d5ae679405904e3bad4d6a6056becb0c85a8d2d2e235a22cbe93f416
-
Filesize
342B
MD5883d53b7f07e0743b8eb569a86dfba3c
SHA14f1db246965daec026f6a88c976cff5bd85c9e3c
SHA256c4c79ece5a56259dfcf9c35291a0c423b0814a18680aefdb424a6b5da48d2e88
SHA5126e04566ac05ba610f8811dbb0de52783e5a1857bad6e2d1c1cb02445d67bf297260d12d43bceda02d1470551c0bc2691d380892fde27d2788dd441cf2ff2cac2
-
Filesize
342B
MD5f2ae68c7b0d38212de2a5a26714168cd
SHA11e29a2f6153bd46e1b2bae59b6232ab1b0e04ad0
SHA256934df8e9d50d68b8d32ef49f51fdad37e7647ea264ea564eef790037704d7a7a
SHA512f2cbb5103e63b0a18fb9ff940c9ed8a978fce2404cf8b12afd5e4597a01740ef320e62f6b59a13c61864272601731db94162d94e6447bdfe5214a905b51d8ae0
-
Filesize
342B
MD50eb677a335d24bee3a0d2d6efeab963b
SHA148f6f63ac1e252f806de2c3f5f76c72c73728af8
SHA256a7cfd18790b6c0c85fbd3c47cc7868599d5d096c0193f6ba1991a663cfcca972
SHA5124599b8abdecc580b7f8483175475ec7d72821f7b41f0174bae45a71a0a9f35300e224b986d7df5fc66e09bc8ed0c8a50e7b3dee137885b776b3ded60347686cb
-
Filesize
342B
MD5970b37e506eb84158be2bd6aeb6a8747
SHA139ff807bd3da6ee144c75250aaed35318862e765
SHA256714f780a6da2ecba927aabf8f8b9c302c6f3949ee9e8ea3164893bbc7a95e87e
SHA512aa7a2717b386047cabe7ab2a0e49663ae2c69d9c3aa4bb2e2a268dbc6d9c45ea6e5dfaba957091787ad4c816f00138296d653d9ceb12448c6b5a09bd633f9732
-
Filesize
342B
MD5d6209724230af21db8e1e04a83b3c203
SHA104657ef117fcfd984443a647515a809a96f4edb7
SHA25624a7e526c1a4873ffd79c7ac6403feea11148cb89dd60874d8f4b3891bca04e1
SHA5128f40687e44e1c40f490d86004674ead1281ddce5af84a3868913e9b570e9662c929c77b52d8bc8002e96706eda900c0b3d7605bb62c9cc711cc65ee3c526d05e
-
Filesize
342B
MD588c056af314b44f21d51ed50cb028944
SHA13f17d6023f4067adf1647b15c8f21649dfc6076d
SHA256b9cc526efca9153f5d1b73f1568886f0fdb2a75a9b11bcec8e0387c7affae83e
SHA51273e24aa9dff2c680da41ad23ddb0b6fde91db80ab02e7dda34931bad79106c64d6509b7d8c24bde3953171a49f470a0c5aabbaaab63b93ac7bef47fd3710bd3d
-
Filesize
342B
MD5e5830b424aefb1879a5d1d2a0db16876
SHA15f5a0716ab3996645aae626b5159dee168c5cd0d
SHA2568c1117c33bf8f37ce19c57e228630af0f0936ec95e6682e6d68a45e021e7ae84
SHA5126684e8f39a700d6e9152d5ed767db8924b3e6ca2a15f45e702e58281b3051dd1d4b731e996b9a5d7d2db83b9e78129486cc19cb1f45b14102c02c65abcb5e2ba
-
Filesize
342B
MD52940483e120cefc0afe9ad5073143d59
SHA1acfd12c01d2a413acabb2abb4e496379b19c62fd
SHA256d4ff826d124af1658a098ba2d5301bb7cd393cd3b53acd1ac2d8f7b200d6f278
SHA512d79a14a261b9135e12cbc81c64038e9b7898357d911335afae206321d1e56aa40d06ebe5e894580b570cc5001c3d5969fbfafba8632b2c70333230a5aa8b5fbf
-
Filesize
342B
MD59ae5ad5865af662a2ab26bbf9d1c3ff2
SHA163f7daf5d6f983e8e68479cae9b7910b1679cf04
SHA256a9c699e7d536e66ff1d48a9a514188536b26e51b33aa8a0cc7e22f2fb02e438e
SHA5124d0c289ad485fff898dd4dee8d8abdf49a8c92fe1d2be336c9e42f6e4c4486a8c58764bcc09b8413e343d2700e40fa8e3be48e99bcb1c3cf00a6437ca8d1a207
-
Filesize
342B
MD5b98e85bd2e53d9bf3952b6db96dcc5ff
SHA1ba5868a1900fed72c64f05e0b655cfa369abccc2
SHA256baea75597b51b63b5222abc582ca85063757cd3fe987f3846244f270d5eccb2d
SHA5124c1b44865a23b2eecb2956478dd9d883f6a61bb6afdb7c7adcfc25d75f28806c11c073292116193d9d9560499aa641d0bc4b60ac0a47758a4e42baa55932eefb
-
Filesize
342B
MD531b02bf33d23cd690ecfcbe24cd5b327
SHA17c459ec4d1bfd18f92571ddb82d9f99c8d2cbc43
SHA256064bc286a920f19919e1115d8396c7d90034e65667bda090432e6406a3d8e82c
SHA51221570f900177508d072880d067d0f9c3bce52185b5ce1f9451eb49a43c43d0d6aa2c89f9b21db602a743d6f456a2d810fb9ced59c7d5c938c69ff5573d63e4f7
-
Filesize
92KB
MD50040f587d31c3c0be57da029997f9978
SHA1d4729f8ed094797bd54ea8a9987aaa7058e7eaa2
SHA256a285e3bc24d218869afd114c236f0aafebeba96d4105ddd379ae31f03b26079b
SHA5123e4ffca2ff979b5f91a0c8d5d1fa52f0ab47ff63e50b1cc5e7708c4ba8359ee8505a9259f329da5733048e953f0778af73ce76735b481d558dd05a2cb45a5977
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3.0MB
MD5d0bb5ffd1587460bdc47b813edde4c45
SHA1f81429c4f3b3711be166a13c3736bd13a77e200a
SHA256297aafb2fee9ca3a270f8b6189699c71f60281c5ad3d4a217139d9b97aca22f4
SHA512e8c135e7cfec7d8eed4a10315edb65839914dbbdda660257565002fdf3bba39685a27418e11c3f77781e76b730ac60435b8381dd85d92de529305ac5a6053327
-
Filesize
100KB
MD57151a5a9e84c669ffcee99029e679cd3
SHA18d596f5f14dabb069242f04797f70f288657017e
SHA256d8712c18fd5c3d02d1f799c5b829050dbe8932187d0ce2ce7d1cfe9741fa8b60
SHA51283ca6940e55c2a84ab2597e9a8102b9ff5d6da3b4b07c164b3ae57780a85e2358dbb93f1abe02ef68defcd53eee637ed2e11168977d4d326f6535a33edc9a2a0
-
Filesize
128KB
-
Filesize
3.2MB