Severity
Medium
Analysis Summary
Poulight stealer is a new infostealer offered on the cybercrime market, and it has considerable potential to steal sensitive information. The infection begins with anti-VM checks and a check that no previous infection is present. If all checks pass, the stealing behaviour starts. First, hardware, software and running-process information is gathered. Then a clipper module is started. Next, data is stolen from applications such as FileZilla, Discord and Telegram, among others. Desktop and webcam snapshots are also taken. Lastly, sensitive documents are identified based on specific file extensions and keywords. All gathered data is stored in a custom data structure and sent to the malware's C2. Once the C2 server has received this data, additional components are downloaded and executed on the victim host.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
MD5
f73e5a8f0fe9b1c320e8d7826e4026f4
SHA-256
8ef7b98e2fc129f59dd8f23d324df1f92277fcc16da362918655a1115c74ab95
SHA1
6584fdf148b59280fe8b48c1c872b09aad6a3752
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
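To act on the "block all threat indicators" step, the following added example (not part of the Rewterz advisory) hashes every file under a directory with MD5, SHA-1 and SHA-256 and reports any file matching the three Poulight indicators listed above; the directory path and the output format are assumptions of this example.

```python
import hashlib
from pathlib import Path

# Indicators of compromise taken from the advisory above (Poulight stealer sample).
POULIGHT_IOCS = {
    "md5": {"f73e5a8f0fe9b1c320e8d7826e4026f4"},
    "sha1": {"6584fdf148b59280fe8b48c1c872b09aad6a3752"},
    "sha256": {"8ef7b98e2fc129f59dd8f23d324df1f92277fcc16da362918655a1115c74ab95"},
}


def digest_file(path, chunk_size=1 << 20):
    """Return the md5/sha1/sha256 hex digests of a file, reading it in chunks
    so large files do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=POULIGHT_IOCS):
    """Return the (algorithm, digest) pairs that hit a known indicator."""
    return [(algo, value) for algo, value in digests.items()
            if value in iocs.get(algo, set())]


def scan_directory(root, iocs=POULIGHT_IOCS):
    """Walk root recursively; return {path: [(algo, digest), ...]} for every
    file whose digest matches an indicator. Unreadable files are skipped."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(digest_file(path), iocs)
        except OSError:
            continue  # permissions or a special file; skip rather than abort
        if matched:
            hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    import sys
    # Assumed usage: python scan.py /path/to/scan (defaults to the current directory).
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, matched in scan_directory(target).items():
        for algo, value in matched:
            print(f"HIT {hit_path} {algo}={value}")
```

A hash match identifies only this exact sample; repacked variants will need detection based on the behaviours described in the analysis summary rather than on file digests.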