Behavioral task
behavioral1
Sample
517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4.exe
Resource
win10v2004-20240226-en
General
-
Target
517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4
-
Size
355KB
-
MD5
c05d1f30c4e092ea20de16c871eca157
-
SHA1
5aca67a7f815192a972966ab5400a95cdc2e5ed6
-
SHA256
517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4
-
SHA512
055dcc2dfd771600625349a64b572f78777d6e6e9970893b87e9359d4b95c2e3f8ac14cbb11d1892151bc43fb40072b2024c8526c9dbc6c79547873b6d669a0c
-
SSDEEP
6144:plCXcIbbHRjWje36AmF26qrvuzuzCCdsbXt:plCXLbHRjW+mcOu7ds
Malware Config
Signatures
-
PureLog Stealer payload 1 IoCs
Processes:
resource yara_rule sample family_purelog_stealer -
Purelogstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4
Files
-
517ee22c4f13794348a1743e39a119c6181b9ce6dff42f7e525fcd9fc2f768d4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ