purelogstealer | d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a | Triage

Submit
Reports

Overview

overview

Static

static

d1e97dd47e...7a.exe

windows7-x64

d1e97dd47e...7a.exe

windows10-2004-x64

Sharing

General

Target

d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a.exe
Size

68KB
Sample

240509-l7fzwafb35
MD5

ac015ea331170ea31df4abc5461b51f4
SHA1

f31473ebcab052a6a632ce165fd7c717b8add5d4
SHA256

d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a
SHA512

e33d433df818f096d09b3f5337800a98fb2d88fd07d75a722edfe8b8d7cc57c599c3431fbf5809c718c802e60fd00fa2a2a46a1c41fe8b6a7e586a7b2c5aa615
SSDEEP

1536:y1gopCTSbwFnN/GGGw8RbXnnzo5d9Zb35LhlEDSUlJA7FAx:yISkFAq8Rbnnzo5d9Zb35LhlEDSUlJA

Score

10^/10

purelogstealer xworm zgrat persistence rat stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a.exe

Resource

win7-20240220-en

purelogstealer stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a.exe

Resource

win10v2004-20240426-en

purelogstealer xworm zgrat persistence rat stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

193.161.193.99:40303

Mutex

DRVHzSADfqFLqC90

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a.exe
- Size
  
  68KB
- MD5
  
  ac015ea331170ea31df4abc5461b51f4
- SHA1
  
  f31473ebcab052a6a632ce165fd7c717b8add5d4
- SHA256
  
  d1e97dd47e3903ba07de598a3048d1bffff8df29c47cbd852c958a4c210d677a
- SHA512
  
  e33d433df818f096d09b3f5337800a98fb2d88fd07d75a722edfe8b8d7cc57c599c3431fbf5809c718c802e60fd00fa2a2a46a1c41fe8b6a7e586a7b2c5aa615
- SSDEEP
  
  1536:y1gopCTSbwFnN/GGGw8RbXnnzo5d9Zb35LhlEDSUlJA7FAx:yISkFAq8Rbnnzo5d9Zb35LhlEDSUlJA
Score

10^/10

purelogstealer stealer xworm zgrat persistence rat trojan
- Detect Xworm Payload
- Detect ZGRat V1
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerstealer

behavioral2

purelogstealerxwormzgratpersistenceratstealertrojan

© 2018-2025

Terms | Privacy