purelogstealer | 902f14b6f32cc40a82d6a0f2c41208ec[.]bin | Triage

Sharing

General

Target

902f14b6f32cc40a82d6a0f2c41208ec.bin
Size

916KB
MD5

57cddc1bd9d9868a02c6d330348e33ab
SHA1

7b96bf5730fdd5ddd4561613191f9b86dcfde4d0
SHA256

914026a3a2ae151be05a903844b0f0b5abfc493101460ea044b51c458b4ce34c
SHA512

0a0c6688da256e2a4dd78893284528da26a93278959abd29e1b93043a7772fe33b12a7aeea743efc2c56d7e3746c4d3cc63f3eb9f788e187078c674c6d46d457
SSDEEP

24576:PlFJ/vpnLxVBNH+gsOVvYecRtOkmRvl1yauxZ:9vZLxVPH+mtcbKl1uxZ

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe	family_purelog_stealer

Purelogstealer family
purelogstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe

Files

902f14b6f32cc40a82d6a0f2c41208ec.bin
.zip

Password: infected
81f91061c650c2d9fdeab6a9d8be220a93d46f930d5c435e4a00c511236a4caa.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 974KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ