purelogstealer | 80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff
Size

1.0MB
Sample

240726-3gfpvsvdna
MD5

31759297fa8b62fb1cc998c1a229d14d
SHA1

6e345255abe76ca34768c514bd4558f301c99a78
SHA256

80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff
SHA512

62ca2bc18179da07fcb42298f5aa6dc9f31fa4dbaadb97bcd8892220d5584a23ea7ffd339b301cb1a79cfcdb5de2d12bd780556f760f5c66d2f0bec59b633b16
SSDEEP

24576:6xo4lc+Bbl93QooSZpg0K1iImadvQVqLySyBnjQV3rITD:+b73nbZNK1inq+w3rIX

Score

10^/10

purelogstealer smokeloader backdoor discovery stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff.exe

Resource

win10v2004-20240709-en

purelogstealer smokeloader backdoor discovery stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff.exe

Resource

win11-20240709-en

purelogstealer smokeloader backdoor discovery stealer trojan

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff
- Size
  
  1.0MB
- MD5
  
  31759297fa8b62fb1cc998c1a229d14d
- SHA1
  
  6e345255abe76ca34768c514bd4558f301c99a78
- SHA256
  
  80a4325072a8d0587da28929a497d615433addcab45caf75ac0e75d28b6d0dff
- SHA512
  
  62ca2bc18179da07fcb42298f5aa6dc9f31fa4dbaadb97bcd8892220d5584a23ea7ffd339b301cb1a79cfcdb5de2d12bd780556f760f5c66d2f0bec59b633b16
- SSDEEP
  
  24576:6xo4lc+Bbl93QooSZpg0K1iImadvQVqLySyBnjQV3rITD:+b73nbZNK1inq+w3rIX
Score

10^/10

purelogstealer smokeloader backdoor discovery stealer trojan
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealersmokeloaderbackdoordiscoverystealertrojan

behavioral2

purelogstealersmokeloaderbackdoordiscoverystealertrojan

© 2018-2024

Terms | Privacy