purelogstealer | ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 01:58

Target

Product list.scr
Size

261KB
MD5

740c71fa7480df0ca835b842c466d190
SHA1

a495afbf5175fb7c31d5bb79ab5bdefa5842ee40
SHA256

769e8c82f191a58829d7c5b460b80b6242a2f9b906c3a9b98e0b87fd83c88205
SHA512

28978c02bed5a684b724a0ec91f50d5e44f6baae7f860ad29d24f133a5b1693f7f4232bdfc1ef0babc79284d2ee8c4630b31370c5acee2243c49f7b33f3b23ea
SSDEEP

6144:iazT6ew3igBm7IGxRsS71IagwsUKl0zRcP8Ya:ian6emLBm7IGxRsSpsUKx8N

Score

10^/10

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000190000-0x00000000001D6000-memory.dmp	family_purelog_stealer
behavioral1/memory/2968-5-0x0000000004890000-0x00000000048D0000-memory.dmp	family_purelog_stealer

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Product list.scr

description pid process

Token: SeDebugPrivilege 2968 Product list.scr

description	pid	process
Token: SeDebugPrivilege	2968	Product list.scr

C:\Users\Admin\AppData\Local\Temp\Product list.scr
"C:\Users\Admin\AppData\Local\Temp\Product list.scr" /S
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2968

memory/2968-0-0x0000000000190000-0x00000000001D6000-memory.dmp

Filesize
280KB

Download
memory/2968-1-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-2-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2968-3-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/2968-4-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-5-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download