purelogstealer | Striker[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Striker.zip
Size

4.3MB
MD5

fbb01f4447e776622fc90375a9683c77
SHA1

2d322159ab69918f1cf155dc27986acb4fcf1c27
SHA256

e0cadd01873affcc00d9627bee2c794f8dc8e066990ec08571795c6b9b158c25
SHA512

790078972f62ee847880a422ce864bd98b4807da70981497cb7c4d5b4e60d7f2ef91922b9adcfab9a45ef675ea400e2be60758666a42fc518f4ac0e18108c0e3
SSDEEP

98304:IPuAfOCxQ+bHpvIyiN+vZyh5X123H7uCPA+JMmLgiHpI6kNqlpR/Ou6jD:IPu4OCykHpvIHNI45MLPNJvHe6kIR2x

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

resource	yara_rule
static1/unpack003/AnyDesk (STRIKER NEW, WORKING).exe	family_purelog_stealer

Purelogstealer family
purelogstealer

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/AnyDesk (STRIKER NEW, WORKING).exe
unpack003/AnyDesk (STRIKER OLD, NOT WORKING).exe

Files

Striker.zip
.zip
Striker - Copia.zip
.zip
Striker - Copia - Copia.zip
.zip
AnyDesk (STRIKER NEW, WORKING).exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnyDesk (STRIKER OLD, NOT WORKING).exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
how to use (for the old one).txt