purelogstealer | 71b506b1fbf26cef2b28bed51237f1f15e2fa7984af2a563aeb35a1e3cc71d64

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 10:27

Target

SecuriteInfo.com.Win32.PWSX-gen.29407.exe
Size

120KB
MD5

8c2736f5091792552be21809ae434207
SHA1

4f413ffb059cc18c18d97ddea978be374f77e931
SHA256

71b506b1fbf26cef2b28bed51237f1f15e2fa7984af2a563aeb35a1e3cc71d64
SHA512

027abadc2e1245518639d79bbf1da167d2e7c203b29bc9bd0e715828386a18b77b9790abbedf1e3ad4e23494ec1eabe64de0e9349a91ddbebcfefcc9dc2d1a74
SSDEEP

3072:wIm8e369TeB1PdLOGmrqnSILlNwz4UVSKW2yLW2w:wp3696nJmrODUVhgL+

Score

10^/10

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/1724-1-0x0000000000ED0000-0x0000000000EEE000-memory.dmp	family_purelog_stealer

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	SecuriteInfo.com.Win32.PWSX-gen.29407.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.29407.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.29407.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724

memory/1724-0-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/1724-1-0x0000000000ED0000-0x0000000000EEE000-memory.dmp

Filesize
120KB

Download
memory/1724-2-0x00000000003A0000-0x00000000003A8000-memory.dmp

Filesize
32KB

Download
memory/1724-3-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/1724-4-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/1724-5-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download