General

Target: PureLogStealer-0xb.zip
Size: 85KB
Sample: 250404-bwr8naxxas
MD5: 95195f30ae98759bb7727acb299e6bf2
SHA1: 832e6d5933d0f21b8e07674b03975b4b7e6f0cbf
SHA256: 8adf5a91aa7f509cc0cd0c220dddf4e1be235e72fdd14c33e0f6722b8aa19795
SHA512: 4dc862903fd39d41b8d334c48a26bcaca85d41deb41459ce062a40013b91f938b0ac2b5c4fc746bb749dba4665c276f4a26039204e1c391d48340ad6a103b89b
SSDEEP: 1536:Rs6Kv81j9YChHfY6UAGzQaTK8VqIr4lGpgypGFzgYcdVR5XJNzsGUwF2t:RNC81BYeg6UfsgB4Up1+MYcfRcN

Static task: static1

Behavioral task: behavioral1
Sample: PureLogStealer-0xb.exe
Resource: win10v2004-20250314-en

Malware Config
Targets

Target: PureLogStealer-0xb.exe
Size: 193KB
MD5: 98609581725d9cf7f5200dbb02266cd6
SHA1: 5f8a127fb69172947c6212b3a466279794b702a4
SHA256: 01b57b7ab116a353b5d7d778b62c1a99f7f9f10e6af3a524aa13b9e3a588d751
SHA512: 1cfa89386dd206ba5be5a981f4942deb76b71f7dcc5a09f9cf605e87a0128983bce1a8d22300e08e0751321a47c6252575d93fa9d81e847944b2c9fc5aaa2d0d
SSDEEP: 6144:pS4OgfnRtcCUsnzUCpM69/KImQi/6ebl:srg/jcy
Score: 10/10

Modifies WinLogon for persistence
Adds Run key to start application
Drops desktop.ini file(s)
Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)

Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)