This class of malware is said to incorporate many well-known malware like Azorult, Tesla, and Hawkeye.
Recently over the two months, Researchers from Cybaze-Yoroi ZLab observed the evolution and the diffusion of an info stealer dubbed as Poulight that most probably has a Russian origin. First spotted by MalwareBytes specialists in middle March and indicators of compromise have been as of now shared among the security community.
The vindictive code has propelled further stealing capabilities and continues to evolve.
Hash 8ef7b98e2fc129f59dd8f23d324df1f92277fcc16da362918655a1115c74ab95Threat Poulight StealerBrief Description Poulight StealerSsdeep 1536:GJv5McKmdnrc4TXNGx1vZD8qlCGrUZ5Bx5M9D7wOHUN4ZKNJH: GJeunoMXNQC+E5B/MuO0Ogt
Above is the sample information / Technical Analysis
Like a large portion of the malware of this particular family, it is created from a builder accessible to cyber-criminal groups that offer a 'subscription plan' for its "product". The outcome is a .NET executable:
Static information about the binary file
A quirk of this sample is that it doesn't have a minimal indication of obscurity; the analysis is very simple to depict the malware abilities/capabilities. When the malware is propelled, it plays out a classical evasion technique (as shown ..
Support the originator by clicking the read the rest link below.
