Behavioral task
behavioral1
Sample
ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f.exe
Resource
win10v2004-20240426-en
General
-
Target
ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f
-
Size
2.2MB
-
MD5
691aa96465589deb14addaf321373eb2
-
SHA1
5eb36719ce086f04550b31a6ac407dffca280604
-
SHA256
ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f
-
SHA512
d6f651e33c358ba5017049dad47d42a4af4b1ecd7c6db1a83f010e17e00b4c275804cf954f7180086916913d6f9fbb2978ebf8e021312fa809ddea455af46060
-
SSDEEP
49152:UeP+VyaJbYt3L6zqiHvTAWhVF5H9S1kvwWeDyox/IXA:J+VDJGbhSvBhPS2wWeDyoI
Malware Config
Signatures
-
PureLog Stealer payload 1 IoCs
Processes:
resource yara_rule sample family_purelog_stealer -
Purelogstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f
Files
-
ca4fa21da193960c2a059ae4c682518ba41343fa6d2543d9a7ce15fdf692dc6f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ