purelogstealer | bd5eebdd00f4ddc22ddd82c3effb66a6f61b2e692bdbc344e023094ae5a93fde

Sharing

Copy URL

Twitter E-mail

General

Target

bd5eebdd00f4ddc22ddd82c3effb66a6f61b2e692bdbc344e023094ae5a93fde
Size

1.5MB
MD5

6178c200fcca008bfe504e8710874a20
SHA1

7aaf71a30b6074e5faad8777bdcaab924b0a27e1
SHA256

bd5eebdd00f4ddc22ddd82c3effb66a6f61b2e692bdbc344e023094ae5a93fde
SHA512

fded4e490d4b58fa6c4415302c0e67228a721cf0532cb8d8a065161fbaf81dec6f0762d4e11b4a91c43524d37e579e246040a84b047aa1de2d65ec35d456ed7c
SSDEEP

24576:Jp0SaLchXh9m6TUPQOTj9XCy7G9v4J9s04oSRsDiRCjyAG8frlyHt:JpjXh06TUIOf7PTmoSRRRkyMAN

Score

10^/10

purelogstealer

Malware Config

Signatures

Detects executables packed with Babel 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Babel

PureLog Stealer payload 1 IoCs

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Files

bd5eebdd00f4ddc22ddd82c3effb66a6f61b2e692bdbc344e023094ae5a93fde
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:e0:93:3d:c5:ff:42:16:23:cb:6d:c4
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/07/2023, 14:42

Not After

31/07/2026, 14:42

Subject

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:48:8a:f0:55:d3:2b:33:b8:bb:0b:21:02:ba:d5:7c:8b:01:c6:f5:b2:33:ba:c8:f9:c5:31:61:f7:dd:2d:1e
Signer

Actual PE Digest

d2:48:8a:f0:55:d3:2b:33:b8:bb:0b:21:02:ba:d5:7c:8b:01:c6:f5:b2:33:ba:c8:f9:c5:31:61:f7:dd:2d:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

LicenseManager.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:e0:93:3d:c5:ff:42:16:23:cb:6d:c4Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

d2:48:8a:f0:55:d3:2b:33:b8:bb:0b:21:02:ba:d5:7c:8b:01:c6:f5:b2:33:ba:c8:f9:c5:31:61:f7:dd:2d:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 512B - Virtual size: 12B

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:e0:93:3d:c5:ff:42:16:23:cb:6d:c4
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

d2:48:8a:f0:55:d3:2b:33:b8:bb:0b:21:02:ba:d5:7c:8b:01:c6:f5:b2:33:ba:c8:f9:c5:31:61:f7:dd:2d:1e
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 512B - Virtual size: 12B