Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
13-03-2024 02:28
Behavioral task
behavioral1
Sample
f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909.exe
Resource
win10v2004-20240226-en
General
-
Target
f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909.exe
-
Size
481KB
-
MD5
45b1dc45eec64dd6ef42ff827d4405fd
-
SHA1
f34c8c2fe7c5bc610b4513cd853d97304960d429
-
SHA256
f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909
-
SHA512
abcfdf3b41c8ffb9327d7e2ac97b52666bf8e1afcca44344ec3ad492fe2b16069b8951aa20a112f655cc7a94b8b4bbad5a373893baa37010ad857ac0afc2ba99
-
SSDEEP
6144:JAtVdRkURiLBetRu2m10c/XOsnx/Bjr7xii6wgDm7NE/m2O0BBAdN3MVqRw6aPMB:JCVdRkEtY/+a/BLj6wkm7N/0Bi3MBW
Malware Config
Signatures
-
PureLog Stealer
PureLog Stealer is an infostealer written in C#.
-
PureLog Stealer payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2008-0-0x0000000001180000-0x00000000011FC000-memory.dmp family_purelog_stealer -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909.exedescription pid process Token: SeDebugPrivilege 2008 f42496aca487ec4753a8f887f26c0eb5862e6626b4e474614c611d4b28f45909.exe