Behavioral task: behavioral1
Sample: TeamsLauncher.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: TeamsLauncher.exe
Resource: win10v2004-20240802-en
General
Target: TeamsLauncher.exe
Size: 403KB
MD5: fdd2eda543063b87a6a51287f6095baa
SHA1: 21355867dbdac7f076c552e0738c3e85525ea61c
SHA256: 7e92d20062595d11cf5ebc076fd06d1af804043ff13e82fd4872e7501490c8ac
SHA512: 2a5dcd9b9308273c187dd57b26162990c567a62605c2f5ab5864e780fb452746a12df1af9b892f116e8f810585bb3ac54b29a27bb8023f937739b1f0e8897a36
SSDEEP: 1536:GYeNWLFFhmZLOol7Z3j//M5StqzZw9ep3RrpgcVFveptXjaOBatKx9O7Z3O//MHj:3eN2ql7Z3j3M94sFGPjayC7Z3O3M5N
Malware Config
Signatures
PureLog Stealer payload 1 IoCs
Processes:
resource: sample, yara_rule: family_purelog_stealer
Purelogstealer family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: TeamsLauncher.exe
Files
TeamsLauncher.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 231KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ