purelogstealer | c94ec3c6d028461f4ebf643651184d6868da15c9ae827e893853a64db3e9f5fb | Triage

Submit
Reports

Overview

overview

Static

static

7

158af59a6a...18.exe

windows7-x64

158af59a6a...18.exe

windows10-2004-x64

Sharing

General

Target

158af59a6abb0b72f242f081aef3912d_JaffaCakes118
Size

3.9MB
Sample

240627-lrmsgsxekm
MD5

158af59a6abb0b72f242f081aef3912d
SHA1

fd3e35e07b922bf71bbbab25b52c139fba6220b4
SHA256

c94ec3c6d028461f4ebf643651184d6868da15c9ae827e893853a64db3e9f5fb
SHA512

65a318531ff4404ff20a5d4cf123fd167038305192ac500b6f2d9029c4cef0b4c70e94dd1d2736b9ca52750dc548ab831587123babf7649f72c47d9e792ce79e
SSDEEP

98304:I9Si7yVt6iHbB/SHopgn5nrdfUQqyYB9P3RmeyLNwx:I9Si74Lt/SH1NJUxyMRmtJg

Score

10^/10

purelogstealer evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

158af59a6abb0b72f242f081aef3912d_JaffaCakes118.exe

Resource

win7-20240611-en

purelogstealer evasion stealer themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

158af59a6abb0b72f242f081aef3912d_JaffaCakes118.exe

Resource

win10v2004-20240508-en

purelogstealer evasion stealer themida trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  158af59a6abb0b72f242f081aef3912d_JaffaCakes118
- Size
  
  3.9MB
- MD5
  
  158af59a6abb0b72f242f081aef3912d
- SHA1
  
  fd3e35e07b922bf71bbbab25b52c139fba6220b4
- SHA256
  
  c94ec3c6d028461f4ebf643651184d6868da15c9ae827e893853a64db3e9f5fb
- SHA512
  
  65a318531ff4404ff20a5d4cf123fd167038305192ac500b6f2d9029c4cef0b4c70e94dd1d2736b9ca52750dc548ab831587123babf7649f72c47d9e792ce79e
- SSDEEP
  
  98304:I9Si7yVt6iHbB/SHopgn5nrdfUQqyYB9P3RmeyLNwx:I9Si74Lt/SH1NJUxyMRmtJg
Score

10^/10

purelogstealer evasion stealer themida trojan
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

purelogstealerevasionstealerthemidatrojan

behavioral2

purelogstealerevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy