purelogstealer | 1938dc0aa8afda1d86e62b28b3a6fcbbeed942af9a1ee713bb81c6323e8ad593[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1938dc0aa8afda1d86e62b28b3a6fcbbeed942af9a1ee713bb81c6323e8ad593.exe
Size

272KB
MD5

3c68c79a96bd82e7e4c375be5c78fe57
SHA1

c28a1fdcece2e1c5560af77d9deecfc5bda6e577
SHA256

1938dc0aa8afda1d86e62b28b3a6fcbbeed942af9a1ee713bb81c6323e8ad593
SHA512

c60af81af0413794b3072ced034695e4077163fbbb77ef67a2ccd3851a9a7038249ca425332ec4aac6f820a5983d75f9d3e2a6e4503569ebff991fb036689539
SSDEEP

6144:wpLRwNH1zAJeLccapdUZ0t96uwrhmkzcrFxnzAgvkqD:wRR2H18JFcaUZMgrhm1rFxnzRs8

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Files

1938dc0aa8afda1d86e62b28b3a6fcbbeed942af9a1ee713bb81c6323e8ad593.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:dc:57:69:16:e3:e1:68:ed:a2:46:9f:fc:7a:4a:9c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

16-06-2022 00:00

Not After

15-06-2025 23:59

Subject

CN=Zainuddin Nafarin,O=Zainuddin Nafarin,ST=Kalimantan Tengah,C=ID

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:78:31:b2:0c:c8:5f:61:b5:6b:9d:93:d4:d3:d2:0c:e1:93:9b:5a
Signer

Actual PE Digest

97:78:31:b2:0c:c8:5f:61:b5:6b:9d:93:d4:d3:d2:0c:e1:93:9b:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

44:dc:57:69:16:e3:e1:68:ed:a2:46:9f:fc:7a:4a:9cCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

97:78:31:b2:0c:c8:5f:61:b5:6b:9d:93:d4:d3:d2:0c:e1:93:9b:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 61KB

.rsrc Size: 199KB - Virtual size: 199KB

.reloc Size: 512B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

44:dc:57:69:16:e3:e1:68:ed:a2:46:9f:fc:7a:4a:9c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

97:78:31:b2:0c:c8:5f:61:b5:6b:9d:93:d4:d3:d2:0c:e1:93:9b:5a
Signer

.text
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 199KB - Virtual size: 199KB

.reloc
Size: 512B - Virtual size: 12B