Behavioral task
behavioral1
Sample
d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52.exe
Resource
win10v2004-20240611-en
General
-
Target
d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52
-
Size
249KB
-
MD5
80342a8acc3ee7ea3a1835eb6ce1250e
-
SHA1
12d2bfb40285ffd5331295211b4657b30448f5e3
-
SHA256
d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52
-
SHA512
ffc6098c73b2587ec0610471b692d82e4e85c8d83f26ca1de4253a2fd3f6ab5262c22b75250b3c6922d12c1fd7864f9e4525b97e80fdf658eb2c2449e14882d6
-
SSDEEP
1536:NJ2NqnNOxvgGWb6rYhRi6clhIP+Dj/fW58YyL1G8lI:NJ2NqSnWyYhVcjIP+f/E8YnaI
Malware Config
Signatures
-
PureLog Stealer payload 1 IoCs
Processes:
resource yara_rule sample family_purelog_stealer -
Purelogstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52
Files
-
d5256103cffdf59f25bd9bb6f3aa1122c25fac1c49bcfe751c51625deed3de52.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ