General

  • Target

    Gqgsm.exe

  • Size

    171KB

  • Sample

    240614-lf792svblh

  • MD5

    c6cd0f62d86d87344a7d7483d82ac6d3

  • SHA1

    23332a2dc618d48d98218d3b3d67bc128e9d0f3d

  • SHA256

    6f03a4ec146aebb2d8031244e1c206131dc7852d9cac9937cfa62d7b27ebbf28

  • SHA512

    fed34015b4059b82df3fe6a59c2b168d60a1325c0253ecb53d38fb85459cb0d1aec0c9b2c30081d94ad6e12d9fc9298e258dda6fa1fd95a7fbc6d13a59a45031

  • SSDEEP

    3072:OYf8KDcsaEoJJlIZA0ZHl/itzwDOXVcdhyzTazMn:OYf8KIsaEoJ7IS0F0GOXVcryz2zM

Malware Config

Targets

    • Target

      Gqgsm.exe

    • Size

      171KB

    • MD5

      c6cd0f62d86d87344a7d7483d82ac6d3

    • SHA1

      23332a2dc618d48d98218d3b3d67bc128e9d0f3d

    • SHA256

      6f03a4ec146aebb2d8031244e1c206131dc7852d9cac9937cfa62d7b27ebbf28

    • SHA512

      fed34015b4059b82df3fe6a59c2b168d60a1325c0253ecb53d38fb85459cb0d1aec0c9b2c30081d94ad6e12d9fc9298e258dda6fa1fd95a7fbc6d13a59a45031

    • SSDEEP

      3072:OYf8KDcsaEoJJlIZA0ZHl/itzwDOXVcdhyzTazMn:OYf8KIsaEoJ7IS0F0GOXVcryz2zM

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks