purelogstealer | 81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa | Triage

Submit
Reports

Overview

overview

Static

static

81f91061c6...aa.exe

windows7-x64

81f91061c6...aa.exe

windows10-2004-x64

Sharing

General

Target

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe
Size

976KB
Sample

240820-tvekaawann
MD5

902f14b6f32cc40a82d6a0f2c41208ec
SHA1

c01e5bc3e9dbb84a5b36841045055999fc0a16cf
SHA256

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa
SHA512

d55e184309e122ffbe3097bfb64b3e23829228cd16030dca5856bfa1725bc60c2da04bf04c8919ca658ca4b7b03e4be6e6bc9240b5816903609969213be2f97c
SSDEEP

24576:1Ibj07xMVrpydHnnDfiDw8PZIykCu3oxmv2GX:1+ukYxDqnZTlns2

Score

10^/10

purelogstealer discovery persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe

Resource

win7-20240705-en

purelogstealer discovery persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe

Resource

win10v2004-20240802-en

purelogstealer discovery persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe
- Size
  
  976KB
- MD5
  
  902f14b6f32cc40a82d6a0f2c41208ec
- SHA1
  
  c01e5bc3e9dbb84a5b36841045055999fc0a16cf
- SHA256
  
  81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa
- SHA512
  
  d55e184309e122ffbe3097bfb64b3e23829228cd16030dca5856bfa1725bc60c2da04bf04c8919ca658ca4b7b03e4be6e6bc9240b5816903609969213be2f97c
- SSDEEP
  
  24576:1Ibj07xMVrpydHnnDfiDw8PZIykCu3oxmv2GX:1+ukYxDqnZTlns2
Score

10^/10

purelogstealer discovery persistence stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerdiscoverypersistencestealer

behavioral2

purelogstealerdiscoverypersistencestealer

© 2018-2024

Terms | Privacy