win.poulight_stealer

Poulight Stealer

aka: Poullight

There is no description at this point.

References
2021-04-19 | Youtube (AhmedS Kasmani) | AhmedS Kasmani
Malware Analysis of a Password Stealer
2021-04-02 | 360 Total Security | kate
A “txt file” can steal all your secrets
2020-07-24 | VMWare Carbon Black | Andrew Costis
TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
2020-03-19 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence Team
Tweet on Poulight Stealer
Yara Rules
[TLP:WHITE] win_poulight_stealer_w0 (20200325 | Poullight stealer)
rule win_poulight_stealer_w0 {
    meta:
        description = "Poullight stealer"
        author = "James_inthe_box"
        reference = "https://app.any.run/tasks/d9e4933b-3229-4cb4-84e6-c45a336b15be/"
        date = "2020/03"
        maltype = "Stealer"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.poulight_stealer"
        malpedia_version = "20200325"
        malpedia_sharing = "TLP:WHITE"
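        malpedia_license = ""

    strings:
        // "wide" matches the UTF-16LE encoding of the string
        $string1 = "[LOGS]" wide
        // BouncyCastle crypto library namespace, matched as ASCII
        $string2 = "Org.BouncyCastle.Crypto.Prng" ascii
        $string3 = "lookupPowX2" ascii

    condition:
        // 'MZ' magic at offset 0, all three strings present, file smaller than 400KB
        uint16(0) == 0x5A4D
        and all of ($string*)
        and filesize < 400KB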
}