General

  • Target

    YT Tools v3.8.rar

  • Size

    272.4MB

  • Sample

    240316-e8fl6scb2s

  • MD5

    2d0e61ac1ab014a5ea1da333370a9ccc

  • SHA1

    c23988ea432f83bc098f37ccf67068bb91157c68

  • SHA256

    8d18fe99fa89a0e433dc5bb2a714f9ad8585508bd951de48e8c407321e19b63d

  • SHA512

    e4749399a4bf3590cd0ac7b139ea2d2014779fe1ba7f5b85a9ddd9904a4db264c379acf4fe661b953c6972b15ee00f45f57574609667090d19586ae66236c409

  • SSDEEP

    6291456:HsX0d3HUosm001aSlfMZqJzCYEIastSoc7sykPvtJ:HskdkN0fSqRE5ylc7DkNJ
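
A practitioner who obtains a copy of this archive will want to confirm it is the same file before relying on this report. The following is an added example, not part of the Triage output, that streams a file once through the four digests listed above and reports any that differ from the published values. The SSDEEP value is deliberately left out: it is a fuzzy hash for similarity matching, not identity, and needs the external ssdeep library. The function and parameter names are this example's own.

```python
# Added example (not from the report): check a sample on disk against the
# MD5/SHA1/SHA256/SHA512 values published for YT Tools v3.8.rar.
import hashlib
import io

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "2d0e61ac1ab014a5ea1da333370a9ccc",
    "sha1": "c23988ea432f83bc098f37ccf67068bb91157c68",
    "sha256": "8d18fe99fa89a0e433dc5bb2a714f9ad8585508bd951de48e8c407321e19b63d",
    "sha512": (
        "e4749399a4bf3590cd0ac7b139ea2d2014779fe1ba7f5b85a9ddd9904a4db264"
        "c379acf4fe661b953c6972b15ee00f45f57574609667090d19586ae66236c409"
    ),
}


def digest_stream(stream, algorithms, chunk_size=1 << 20):
    """Read a file-like object once, feeding every requested hash algorithm.

    Reading in 1 MiB chunks keeps memory flat for a 272 MB archive instead of
    loading the whole file just to hash it.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(stream, expected):
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means every listed digest matched. Comparison is
    case-insensitive because reports and tooling mix hex case freely.
    """
    actual = digest_stream(stream, expected)
    return {
        name: (expected[name].lower(), actual[name])
        for name in expected
        if actual[name] != expected[name].lower()
    }


def verify_bytes(data, expected=REPORT_DIGESTS):
    """Convenience wrapper for in-memory data (used for quick self-checks)."""
    return verify_digests(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_DIGESTS):
    """Open a sample read-only in binary mode and verify it against the report."""
    with open(path, "rb") as f:
        return verify_digests(f, expected)


if __name__ == "__main__":
    import sys

    mismatches = verify_file(sys.argv[1])
    if mismatches:
        for name, (want, got) in mismatches.items():
            print(f"{name}: expected {want} got {got}")
        sys.exit(1)
    print("all digests match the report")
```

Run it as `python verify.py "YT Tools v3.8.rar"`; a non-zero exit with the differing digests printed means the file on disk is not the sample this report analysed (re-packed, truncated, or a different upload under the same name).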

Score
10/10

Malware Config

Targets

    • Target

      YT Tools v3.8.rar

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised, for example through an exploit or a malicious document macro, and is being used to launch something it would not normally run.

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the malware behaves differently depending on the victim's locale.

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class. This is a well-known anti-debugging technique: a thread flagged this way no longer delivers debug events to an attached debugger, which hampers manual analysis.
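
Two of the behaviours above, "Executes dropped EXE" and "Process spawned unexpected child process", are process-tree observations that a detection engineer can reproduce outside the sandbox. The following added example (not Triage's own signature logic, and not telemetry from this sample) replays constructed Sysmon-style process-creation events through two small rules: an executable launched from a user-writable directory is treated as a dropped file being run, and a parent in a positive allow-list of expected children is flagged when it creates anything else. The event layout, directory list and parent/child allow-list are assumptions chosen for illustration.

```python
# Added example (not Triage's own code): two process-tree rules matching the
# "Executes dropped EXE" and "Process spawned unexpected child process"
# behaviours in the report, run over constructed events.
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # full path of the newly created process
    parent_image: str   # full path of the process that created it
    cmdline: str


# Locations a standard user can write to without elevation; an .exe started
# from one of these was dropped at runtime rather than installed (assumed list).
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
)

# Positive model: the only children these parents are expected to create.
# Anything else from them is the "compromised via exploit or macro" case.
# Parents absent from this map are not judged by this rule (assumed list).
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe"},
    "excel.exe": {"splwow64.exe"},
    "outlook.exe": {"splwow64.exe"},
}

DROPPED_EXE = "Executes dropped EXE"
UNEXPECTED_CHILD = "Process spawned unexpected child process"


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating forward slashes."""
    return ntpath.basename(path.replace("/", "\\")).lower()


def in_user_writable_dir(path: str) -> bool:
    norm = path.replace("/", "\\").lower()
    return any(d in norm for d in USER_WRITABLE_DIRS)


def evaluate(events):
    """Return (pid, signature, detail) for every rule that fires, in event order."""
    findings = []
    for ev in events:
        child, parent = basename(ev.image), basename(ev.parent_image)
        if child.endswith(".exe") and in_user_writable_dir(ev.image):
            findings.append((ev.pid, DROPPED_EXE, f"{parent} -> {ev.image}"))
        allowed = EXPECTED_CHILDREN.get(parent)
        if allowed is not None and child not in allowed:
            findings.append((ev.pid, UNEXPECTED_CHILD, f"{parent} -> {child}"))
    return findings


def signatures_hit(events):
    """The distinct signature names triggered by a batch of events."""
    return {sig for _, sig, _ in evaluate(events)}


# Constructed events mimicking the archive-then-execute chain the report
# describes, plus an Office macro case for the second rule. Not real telemetry.
SAMPLE_EVENTS = [
    ProcEvent(1001, r"C:\Program Files\WinRAR\WinRAR.exe",
              r"C:\Windows\explorer.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\bob\Downloads\YT Tools v3.8.rar"'),
    ProcEvent(1002, r"C:\Users\bob\AppData\Local\Temp\Rar$EXa0.412\YT Tools v3.8\Setup.exe",
              r"C:\Program Files\WinRAR\WinRAR.exe", "Setup.exe"),
    ProcEvent(1003, r"C:\Users\bob\AppData\Roaming\Updater\svchost.exe",
              r"C:\Users\bob\AppData\Local\Temp\Rar$EXa0.412\YT Tools v3.8\Setup.exe", "svchost.exe"),
    ProcEvent(1004, r"C:\Windows\System32\cmd.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "cmd.exe /c powershell -w hidden"),
    ProcEvent(1005, r"C:\Windows\splwow64.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "splwow64.exe"),
]

if __name__ == "__main__":
    for pid, sig, detail in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig}: {detail}")
```

The dropped-EXE rule fires twice in the constructed chain (the extracted Setup.exe under the WinRAR temp directory, then a second-stage binary written to AppData\Roaming), and the allow-list rule fires once for WINWORD.EXE starting cmd.exe while ignoring its legitimate splwow64.exe child. Using a positive allow-list for sensitive parents rather than a denylist of bad children is what keeps the second rule from being bypassed by an unfamiliar LOLBin.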

MITRE ATT&CK Enterprise v15

Tasks