purelogstealer | bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
Size

334KB
MD5

fcfdf7e5aa5e94c0ff65487236fa0b0b
SHA1

b9511c6841ffe7523b037098e7cec21f46486eb3
SHA256

bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e
SHA512

e61b25e184b0c55db0c9afb7fb7b1ac461e3b014f3fe896e91173ad7213f58f1522edfa82939e3cdf9c5a9575d3ed2966414df3c0ef5297c9dc9ca0cca17925b
SSDEEP

3072:7lIpvlLmpAZufjaxAOi5jwGVDNsPZ19AGUYRJ8IVKYT1:7GRliRaKOiZwt19AGU4Vt

Score

10^/10

purelogstealer stealer

Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/1724-1-0x0000000000AF0000-0x0000000000B4A000-memory.dmp	family_purelog_stealer

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe

C:\Users\Admin\AppData\Local\Temp\bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe
"C:\Users\Admin\AppData\Local\Temp\bd911b9d45743fbae9aea401b5092b69b8e9a24952d3f06947ee6b307c76246e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-0-0x000007FEF6513000-0x000007FEF6514000-memory.dmp

Filesize
4KB

Download
memory/1724-1-0x0000000000AF0000-0x0000000000B4A000-memory.dmp

Filesize
360KB

Download
memory/1724-2-0x0000000000A70000-0x0000000000AC6000-memory.dmp

Filesize
344KB

Download
memory/1724-3-0x000007FEF6510000-0x000007FEF6EFC000-memory.dmp

Filesize
9.9MB

Download
memory/1724-4-0x000007FEF6510000-0x000007FEF6EFC000-memory.dmp

Filesize
9.9MB

Download