purelogstealer | 68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

68f7221674...7b.exe

windows7-x64

68f7221674...7b.exe

windows10-2004-x64

Sharing

General

Target

68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe
Size

2.6MB
Sample

240724-cewp7avelb
MD5

6159bd2beba187d99dad9e2a802fe8fd
SHA1

bf1b92c2b6d41fb3ad17e3e658f0d86a8c07cc22
SHA256

68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b
SHA512

3a0f432fe9357833bb224ebfa5776f11fa8b0ef09fdf3610f73662c958944909057a7323576db7117197525b31bead2835f81671c93da4a69451b5b9e87bbb72
SSDEEP

49152:FPgIpTlcBsyifklUwVowI9dy5y5iEvBMfyWrmXPipqNW1rTz:FYIg0fOXVRI9dy5yQEvBMfyWrmXPiXrT

Score

10^/10

purelogstealer collection credential_access discovery stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe

Resource

win7-20240705-en

purelogstealer collection credential_access discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe

Resource

win10v2004-20240709-en

purelogstealer collection credential_access discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
ABBG_3!y7%@agIh

Targets

- Target
  
  68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe
- Size
  
  2.6MB
- MD5
  
  6159bd2beba187d99dad9e2a802fe8fd
- SHA1
  
  bf1b92c2b6d41fb3ad17e3e658f0d86a8c07cc22
- SHA256
  
  68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b
- SHA512
  
  3a0f432fe9357833bb224ebfa5776f11fa8b0ef09fdf3610f73662c958944909057a7323576db7117197525b31bead2835f81671c93da4a69451b5b9e87bbb72
- SSDEEP
  
  49152:FPgIpTlcBsyifklUwVowI9dy5y5iEvBMfyWrmXPipqNW1rTz:FYIg0fOXVRI9dy5yQEvBMfyWrmXPiXrT
Score

10^/10

purelogstealer collection credential_access discovery stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealercollectioncredential_accessdiscoverystealer

behavioral2

purelogstealercollectioncredential_accessdiscoverystealer

© 2018-2025

Terms | Privacy