purelogstealer | cdf54d084007ce041a0dd019ce47b8cf619b007e531460cbb8995cb5b7f15fa4 | Triage

Submit
Reports

Overview

overview

Static

static

3

75097944c0...e8.exe

windows10-2004-x64

Sharing

General

Target

75097944c089d35d77e365650435f1e8.exe
Size

13.5MB
Sample

240803-h683gswfrj
MD5

75097944c089d35d77e365650435f1e8
SHA1

8b6544e94de86e2a950cea14dc5b965163dc39e4
SHA256

cdf54d084007ce041a0dd019ce47b8cf619b007e531460cbb8995cb5b7f15fa4
SHA512

cd5aec354118bbd247ae7f9276b0c809af738e736b7851c83e62dd483cab07f1bb78f5ab6f8390cff807d1e34d7ad64503914e8d5bd3915a48fb49d2050b2c3e
SSDEEP

393216:6r03VX937lsi+GxpZd9TiCf35BUE85VmgK+FA:t3jjVJTiEBUEEK

Score

10^/10

purelogstealer stealc vidar credential_access discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75097944c089d35d77e365650435f1e8.exe

Resource

win10v2004-20240802-en

purelogstealer stealc vidar credential_access discovery persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vidar

C2

https://steamcommunity.com/profiles/76561199735694209

https://t.me/puffclou

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1

Targets

- Target
  
  75097944c089d35d77e365650435f1e8.exe
- Size
  
  13.5MB
- MD5
  
  75097944c089d35d77e365650435f1e8
- SHA1
  
  8b6544e94de86e2a950cea14dc5b965163dc39e4
- SHA256
  
  cdf54d084007ce041a0dd019ce47b8cf619b007e531460cbb8995cb5b7f15fa4
- SHA512
  
  cd5aec354118bbd247ae7f9276b0c809af738e736b7851c83e62dd483cab07f1bb78f5ab6f8390cff807d1e34d7ad64503914e8d5bd3915a48fb49d2050b2c3e
- SSDEEP
  
  393216:6r03VX937lsi+GxpZd9TiCf35BUE85VmgK+FA:t3jjVJTiEBUEEK
Score

10^/10

purelogstealer stealc vidar credential_access discovery persistence stealer
- Detect Vidar Stealer
  stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerstealcvidarcredential_accessdiscoverypersistencestealer

© 2018-2024

Terms | Privacy