purelogstealer | a88eb9233151e36f765a78f19958631c9d161d88d1b5b9ebf2391450bdce7d9d | Triage

Submit
Reports

Overview

overview

Static

static

64b5879480...6a.exe

windows7-x64

64b5879480...6a.exe

windows10-2004-x64

Sharing

General

Target

a88eb9233151e36f765a78f19958631c9d161d88d1b5b9ebf2391450bdce7d9d
Size

897KB
Sample

240827-hd3d8sxejf
MD5

7782940de2a14fff0f24e7123a8fa9a8
SHA1

f7c05b34fe1990059bcd48706c15a2b9cce94b9e
SHA256

a88eb9233151e36f765a78f19958631c9d161d88d1b5b9ebf2391450bdce7d9d
SHA512

e5e07cdbeba685ec3d7ac539783d9af85ae75fdabd3bf9e17f3f4483b8e937d3539457b515d3bd8b114b4e98c9adb78fbea744b30daed2894cfd6695e8538da0
SSDEEP

24576:rpB9o2YGxWI/hswayyBaslPRqamHx2y+FqfoAkuutET:1Bpr/25aAYvx2dFqfoZA

Score

10^/10

purelogstealer discovery persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.exe

Resource

win7-20240708-en

purelogstealer discovery persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.exe

Resource

win10v2004-20240802-en

purelogstealer discovery persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.exe
- Size
  
  924KB
- MD5
  
  de64bb0f39113e48a8499d3401461cf8
- SHA1
  
  8d78c2d4701e4596e87e3f09adde214a2a2033e8
- SHA256
  
  64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a
- SHA512
  
  35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179
- SSDEEP
  
  24576:NAHFp2K15zXnjfQb6+jFb5RIAJTOcA4gnPdCPPd7wm:WHf15zM5JbtA4wPdCnd75
Score

10^/10

purelogstealer discovery persistence stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerdiscoverypersistencestealer

behavioral2

purelogstealerdiscoverypersistencestealer

© 2018-2024

Terms | Privacy