Analysis
-
max time kernel
94s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-09-2024 03:02
Behavioral task
behavioral1
Sample
TeamsLauncher.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
TeamsLauncher.exe
Resource
win10v2004-20240802-en
General
-
Target
TeamsLauncher.exe
-
Size
403KB
-
MD5
fdd2eda543063b87a6a51287f6095baa
-
SHA1
21355867dbdac7f076c552e0738c3e85525ea61c
-
SHA256
7e92d20062595d11cf5ebc076fd06d1af804043ff13e82fd4872e7501490c8ac
-
SHA512
2a5dcd9b9308273c187dd57b26162990c567a62605c2f5ab5864e780fb452746a12df1af9b892f116e8f810585bb3ac54b29a27bb8023f937739b1f0e8897a36
-
SSDEEP
1536:GYeNWLFFhmZLOol7Z3j//M5StqzZw9ep3RrpgcVFveptXjaOBatKx9O7Z3O//MHj:3eN2ql7Z3j3M94sFGPjayC7Z3O3M5N
Malware Config
Signatures
-
PureLog Stealer
PureLog Stealer is an infostealer written in C#.
-
PureLog Stealer payload 2 IoCs
resource yara_rule behavioral2/memory/5104-1-0x000001CFCB050000-0x000001CFCB0B8000-memory.dmp family_purelog_stealer behavioral2/memory/5104-2-0x000001CFCCC90000-0x000001CFCCCA0000-memory.dmp family_purelog_stealer -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 5104 TeamsLauncher.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5104 TeamsLauncher.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82