purelogstealer | 203006061689a1e5ad0cb8710d3b30e532722e044a955765124b7cfc71d8fcb3

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 13:43

Target

IMG_0345220_70260.exe
Size

881KB
MD5

eeecd5c1b99750abaed98f60a297d6f8
SHA1

55ea6cecad35633792a5857f86d1925805a5d4a4
SHA256

203006061689a1e5ad0cb8710d3b30e532722e044a955765124b7cfc71d8fcb3
SHA512

64e3243b6241f724daee0b8354241aafd4b9847bd34e4b0c87192ad0d1c410ceeebda9c1213af986fbd49ef10eeb6acdbf0574ede2bd18a5f8aa7a86217e6050
SSDEEP

24576:FivnwHTxIRcJAT3yHW+jfj/JVZ4Lf1UC6JOzOH1:xJAT3yHW+jVbCK

Score

10^/10

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1100-1-0x0000000000030000-0x0000000000112000-memory.dmp	family_purelog_stealer

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

IMG_0345220_70260.exe

description pid process

Token: SeDebugPrivilege 1100 IMG_0345220_70260.exe

description	pid	process
Token: SeDebugPrivilege	1100	IMG_0345220_70260.exe

C:\Users\Admin\AppData\Local\Temp\IMG_0345220_70260.exe
"C:\Users\Admin\AppData\Local\Temp\IMG_0345220_70260.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1100

memory/1100-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download
memory/1100-1-0x0000000000030000-0x0000000000112000-memory.dmp

Filesize
904KB

Download
memory/1100-3-0x0000000004A60000-0x0000000004A76000-memory.dmp

Filesize
88KB

Download
memory/1100-2-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/1100-4-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download
memory/1100-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download