purelogstealer | 914026a3a2ae151be05a903844b0f0b5abfc493101460ea044b51c458b4ce34c | Triage

Submit
Reports

Overview

overview

Static

static

81f91061c6...aa.exe

windows7-x64

81f91061c6...aa.exe

windows10-2004-x64

Sharing

General

Target

902f14b6f32cc40a82d6a0f2c41208ec.bin
Size

916KB
Sample

240821-bvqy7sxbqq
MD5

57cddc1bd9d9868a02c6d330348e33ab
SHA1

7b96bf5730fdd5ddd4561613191f9b86dcfde4d0
SHA256

914026a3a2ae151be05a903844b0f0b5abfc493101460ea044b51c458b4ce34c
SHA512

0a0c6688da256e2a4dd78893284528da26a93278959abd29e1b93043a7772fe33b12a7aeea743efc2c56d7e3746c4d3cc63f3eb9f788e187078c674c6d46d457
SSDEEP

24576:PlFJ/vpnLxVBNH+gsOVvYecRtOkmRvl1yauxZ:9vZLxVPH+mtcbKl1uxZ

Score

10^/10

purelogstealer discovery persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe

Resource

win7-20240704-en

purelogstealer discovery persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe

Resource

win10v2004-20240802-en

purelogstealer discovery persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe
- Size
  
  976KB
- MD5
  
  902f14b6f32cc40a82d6a0f2c41208ec
- SHA1
  
  c01e5bc3e9dbb84a5b36841045055999fc0a16cf
- SHA256
  
  81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa
- SHA512
  
  d55e184309e122ffbe3097bfb64b3e23829228cd16030dca5856bfa1725bc60c2da04bf04c8919ca658ca4b7b03e4be6e6bc9240b5816903609969213be2f97c
- SSDEEP
  
  24576:1Ibj07xMVrpydHnnDfiDw8PZIykCu3oxmv2GX:1+ukYxDqnZTlns2
Score

10^/10

purelogstealer discovery persistence stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerdiscoverypersistencestealer

behavioral2

purelogstealerdiscoverypersistencestealer

© 2018-2024

Terms | Privacy