purelogs | fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Resubmissions

27-03-2024 14:29

240327-rt28vaea88 10

30-11-2023 18:35

231130-w8tx8sga7y 10

30-11-2023 17:17

231130-vtpvaseh7t 10

Sharing

General

Target

fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f
Size

1.3MB
Sample

231130-vtpvaseh7t
MD5

fc1970b497075ee27039eebaca37c4b2
SHA1

f443d152d319c3d0934bf51ff21331f2a95af87c
SHA256

fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f
SHA512

3e9add4e211706a655e899d9a8163d3c67e49202ada75619708bca76d32d07dc36529ab151fca43aeef84a841e55a874b137c8d6945dd65472a872df6a36eb79
SSDEEP

24576:7Zts+9k0OExFJH09tGqR9aNbL+Ko5aa7Ci0XpURy+VjAj7F3EBc:QugGqDaNbL+KRGCeRxAj7B

Score

10^/10

purelogs zgrat rat stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f.exe

Resource

win10v2004-20231127-en

purelogs zgrat rat stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f
- Size
  
  1.3MB
- MD5
  
  fc1970b497075ee27039eebaca37c4b2
- SHA1
  
  f443d152d319c3d0934bf51ff21331f2a95af87c
- SHA256
  
  fd387cb5e59d395071f7db3b3ff55c4e41fb3deede556f974eb14336e48d6d3f
- SHA512
  
  3e9add4e211706a655e899d9a8163d3c67e49202ada75619708bca76d32d07dc36529ab151fca43aeef84a841e55a874b137c8d6945dd65472a872df6a36eb79
- SSDEEP
  
  24576:7Zts+9k0OExFJH09tGqR9aNbL+Ko5aa7Ci0XpURy+VjAj7F3EBc:QugGqDaNbL+KRGCeRxAj7B
Score

10^/10

purelogs zgrat rat stealer
- Detect PureLogs payload
- Detect ZGRat V1
- PureLogs
  PureLogs is an infostealer written in C#.
  stealer purelogs
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogszgratratstealer

© 2018-2025

Terms | Privacy