Behavioral task
behavioral1
Sample
Purchase Order_5001535449_ES010_pdf .exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Purchase Order_5001535449_ES010_pdf .exe
Resource
win10v2004-20240319-en
General
-
Target
44f5f7e8cc125b74e496bf172333273e0d5530f0acfcfb87986a8ea4b054c59b
-
Size
416KB
-
MD5
fcaf65881fa2f33b24428906c1eb109f
-
SHA1
0c929c66525d467b5e687ab5a2ce4171d2121b56
-
SHA256
44f5f7e8cc125b74e496bf172333273e0d5530f0acfcfb87986a8ea4b054c59b
-
SHA512
92f42670e0a3d9a13bd556fb5f089c7b269afb36c4dfb7036aaf264b5a65ee64722139923f13416fac64855e34f5f4cab946cd2b597bc3c37920182166ab3bc6
-
SSDEEP
6144:GlCXcIbbHRjWje36AmF26qrvuzuzCCdsbXt:GlCXLbHRjW+mcOu7ds
Malware Config
Signatures
-
PureLog Stealer payload 2 IoCs
Processes:
resource yara_rule sample family_purelog_stealer static1/unpack002/Purchase Order_5001535449_ES010_pdf .exe family_purelog_stealer -
Purelogstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/Purchase Order_5001535449_ES010_pdf .exe
Files
-
44f5f7e8cc125b74e496bf172333273e0d5530f0acfcfb87986a8ea4b054c59b.iso
-
out.iso.iso
-
Purchase Order_5001535449_ES010_pdf .exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ