win.poulight_stealer

Poulight Stealer

aka: Poullight

There is no description at this point.

References
2021-04-19 | Youtube (AhmedS Kasmani) | AhmedS Kasmani
Malware Analysis of a Password Stealer
https://www.youtube.com/watch?v=MaPXDCq-Gf4

2021-04-02 | 360 Total Security | kate
A “txt file” can steal all your secrets
https://blog.360totalsecurity.com/en/a-txt-file-can-steal-all-your-secrets/?web_view=true

2020-07-24 | VMWare Carbon Black | Andrew Costis
TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
https://www.carbonblack.com/blog/tau-threat-discovery-cryptocurrency-clipper-malware-evolves/

2020-03-19 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence Team
Tweet on Poulight Stealer
https://twitter.com/MBThreatIntel/status/1240389621638402049?s=20

Yara Rules
[TLP:WHITE] win_poulight_stealer_w0 (20200325 | Poullight stealer)
rule win_poulight_stealer_w0 {
    meta:
        description = "Poullight stealer"
        author = "James_inthe_box"
        reference = "https://app.any.run/tasks/d9e4933b-3229-4cb4-84e6-c45a336b15be/"
        date = "2020/03"
        maltype = "Stealer"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.poulight_stealer"
        malpedia_version = "20200325"
        malpedia_sharing = "TLP:WHITE"
        malpedia_license = ""
        
    strings:
        $string1 = "[LOGS]" wide
        $string2 = "Org.BouncyCastle.Crypto.Prng" ascii
        $string3 = "lookupPowX2" ascii

    condition:
            uint16(0) == 0x5A4D
        and 
            all of ($string*)
        and 
            filesize < 400KB
}