purelogstealer | 1d7c6ed697ee011ad969d1d7c706d88a962584f87d543fcc77ee358c5bfb4509 | Triage

Sharing

General

Target

1d7c6ed697ee011ad969d1d7c706d88a962584f87d543fcc77ee358c5bfb4509.exe
Size

1.9MB
Sample

240814-jw3ndswdlp
MD5

b0b0b09a9bf3348c6746cae342dff4b6
SHA1

6add2fe6a76201390ecc2e950203fadeca3f0161
SHA256

1d7c6ed697ee011ad969d1d7c706d88a962584f87d543fcc77ee358c5bfb4509
SHA512

edae9f061474d4979a02374d417d01268bd053a4127586245c13fe9d28bc46b967fd3e4dd6e3e513ce686efa12257951a439086c4252da67cb364b21569f3d03
SSDEEP

24576:VU+i4hqrt8ZgqiPYV/OIMZ9JeMorwzh+9dhYCOQ1CqKZJzajUN3de/:mrt8Sq3VOFloIs9YjQka2e/

Score

10^/10

purelogstealer collection credential_access discovery persistence stealer

Malware Config

Targets

- Target
  
  1d7c6ed697ee011ad969d1d7c706d88a962584f87d543fcc77ee358c5bfb4509.exe
- Size
  
  1.9MB
- MD5
  
  b0b0b09a9bf3348c6746cae342dff4b6
- SHA1
  
  6add2fe6a76201390ecc2e950203fadeca3f0161
- SHA256
  
  1d7c6ed697ee011ad969d1d7c706d88a962584f87d543fcc77ee358c5bfb4509
- SHA512
  
  edae9f061474d4979a02374d417d01268bd053a4127586245c13fe9d28bc46b967fd3e4dd6e3e513ce686efa12257951a439086c4252da67cb364b21569f3d03
- SSDEEP
  
  24576:VU+i4hqrt8ZgqiPYV/OIMZ9JeMorwzh+9dhYCOQ1CqKZJzajUN3de/:mrt8Sq3VOFloIs9YjQka2e/
Score

10^/10

purelogstealer discovery persistence stealer collection credential_access
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerdiscoverypersistencestealer

behavioral2

purelogstealercollectioncredential_accessdiscoverypersistencestealer