purelogstealer | a7f605d4110bba430e02c7c5240e656fb3f1dd7f02dce985e9e5677169c9de55 | Triage

Sharing

General

Target

tmp
Size

284KB
Sample

240417-x3vs1sbf62
MD5

e3dc222d0a34c4b230f538a67bb7265d
SHA1

d88345aef0e59341e6c4297d2685cb5f08c0aa80
SHA256

a7f605d4110bba430e02c7c5240e656fb3f1dd7f02dce985e9e5677169c9de55
SHA512

3d775c3c940ddd3d43fa56726ae4f8c0442a4d576cb410e60e2f010e1ff6273a2064f646c6af4a6993ff78924c329ac821811f97402d1472495c1d7a6d838797
SSDEEP

6144:ukXNoFja9QXwKN1NdR7ws5lDohIiTXcnXzrCZemJPg1ZVzqH:jiFWUtXjDojODrXeIBze

Score

10^/10

purelogstealer smokeloader backdoor persistence stealer trojan

Malware Config

Targets

- Target
  
  tmp
- Size
  
  284KB
- MD5
  
  e3dc222d0a34c4b230f538a67bb7265d
- SHA1
  
  d88345aef0e59341e6c4297d2685cb5f08c0aa80
- SHA256
  
  a7f605d4110bba430e02c7c5240e656fb3f1dd7f02dce985e9e5677169c9de55
- SHA512
  
  3d775c3c940ddd3d43fa56726ae4f8c0442a4d576cb410e60e2f010e1ff6273a2064f646c6af4a6993ff78924c329ac821811f97402d1472495c1d7a6d838797
- SSDEEP
  
  6144:ukXNoFja9QXwKN1NdR7ws5lDohIiTXcnXzrCZemJPg1ZVzqH:jiFWUtXjDojODrXeIBze
Score

10^/10

purelogstealer smokeloader backdoor persistence stealer trojan
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

purelogstealersmokeloaderbackdoorpersistencestealertrojan

behavioral2

purelogstealersmokeloaderbackdoorpersistencestealertrojan