General

  • Target

    64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.zip

  • Size

    897KB

  • Sample

    240826-t1sn4aveqq

  • MD5

    df5a0ba6bc7ccffeec50ade2a0b844bc

  • SHA1

    76ced91f849a4067152a5069c42d138018d307b7

  • SHA256

    a9cbd4871bff21deb079925733bf4b5318fda799a5e3cc47c63b080015688890

  • SHA512

    5ddbdbbbe3f2c54ef29f7e84ea662bbaff07ce872f8812434ec29fb985767de8d3224188dc7aea596055cef214d8d5555910fe96619467f6d1e9887712cd6e71

  • SSDEEP

    24576:OaVti84EAFKhnXAxnzIT3eBqsiGyQKC13TN:Oa7PtAFKWmapyQKW

Malware Config

Targets

    • Target

      64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.exe

    • Size

      924KB

    • MD5

      de64bb0f39113e48a8499d3401461cf8

    • SHA1

      8d78c2d4701e4596e87e3f09adde214a2a2033e8

    • SHA256

      64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a

    • SHA512

      35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179

    • SSDEEP

      24576:NAHFp2K15zXnjfQb6+jFb5RIAJTOcA4gnPdCPPd7wm:WHf15zM5JbtA4wPdCnd75

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks