purelogstealer | coco | Triage

Resubmissions

03-09-2024 09:38

240903-lmhyqsvapf 10

03-09-2024 09:21

240903-lbbehsshkk 10

Sharing

General

Target

coco
Size

1.8MB
MD5

ecf3cafacfc3e4cedff5156af2e57478
SHA1

8945bca5a7487ef443f69c600f1f2a83c2343080
SHA256

bcf82a664524ff945372110afa059dc00c5f1939aae4d9d6c1651efce359c2af
SHA512

8bf8399633cfa4d5102134942c161a838502196eadb25f04a9c259baad62864926b0bcbcee1ca040078fc94520bdc80a179c60b2c2526cb7b4ae3bea0ebbde77
SSDEEP

49152:nLzdJy9jEhhXFxAXVUw3yqQro900RheJYCVLy+Lv:Vkj8LAXuo8s0xfd

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
coco

Files

coco
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ