Overview

overview

10

Static

static

10

45458cb192...a3.exe

windows7-x64

10

45458cb192...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45458cb19216ce36f2c0391b90bd0e35a74583d0bdfd5a2e48e9e1d625cceba3.exe

  • Size

    2.0MB

  • Sample

    240821-l8nfcaweqp

  • MD5

    d4f9d1afe2b5bf3633642526c01625d2

  • SHA1

    f553184ae1cf84c9d12ae7ea8262e1cec6442577

  • SHA256

    45458cb19216ce36f2c0391b90bd0e35a74583d0bdfd5a2e48e9e1d625cceba3

  • SHA512

    dcb89b0095fd7ab16ecfd3e4d43d1d6358e612fda3fbdc1cc1dd8d49c69fe60759c20b5f28ec758a6a577626b796f4e2ee66aa7e1f01cfc008c0af6cf52b5c82

  • SSDEEP

    49152:Be7O00O0FTsQTv1YcXKpRaV6NL4ZlEhLHSjqKoe:U7j0OWVTdYcfV6NL4ZlEpyjqKoe

Score
10/10
purelogstealercollectionpersistencestealer

Malware Config

Targets

    • Target

      45458cb19216ce36f2c0391b90bd0e35a74583d0bdfd5a2e48e9e1d625cceba3.exe

    • Size

      2.0MB

    • MD5

      d4f9d1afe2b5bf3633642526c01625d2

    • SHA1

      f553184ae1cf84c9d12ae7ea8262e1cec6442577

    • SHA256

      45458cb19216ce36f2c0391b90bd0e35a74583d0bdfd5a2e48e9e1d625cceba3

    • SHA512

      dcb89b0095fd7ab16ecfd3e4d43d1d6358e612fda3fbdc1cc1dd8d49c69fe60759c20b5f28ec758a6a577626b796f4e2ee66aa7e1f01cfc008c0af6cf52b5c82

    • SSDEEP

      49152:Be7O00O0FTsQTv1YcXKpRaV6NL4ZlEhLHSjqKoe:U7j0OWVTdYcfV6NL4ZlEpyjqKoe

    Score
    10/10
    purelogstealerpersistencestealercollection

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

      stealerpurelogstealer

    • PureLog Stealer payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks