purelogstealer | bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa | Triage

Submit
Reports

Overview

overview

Static

static

P03SkzED.exe

windows10-1703-x64

Sharing

General

Target

P03SkzED.exe
Size

1.9MB
Sample

240630-1fhfyszbnj
MD5

8a1c6ab6aeeec522d4d2d483543cb6ad
SHA1

9133c7c95c6639c85f5880d97bfa4187905735b7
SHA256

bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa
SHA512

86ca27ffa211847d772e2193540eb5da4ad8d6f8d62859cc86970b4053f6968521898ec63aafe4faaa30afbff513c12709bf46b917c5064de45398dab23fcd20
SSDEEP

49152:gK2O5r4MM1BBE+qTSMBi9Rbpt/aaxJGC/0UhlHLomjqD:gK2O5rfMLByTSMBap9BxJG4zhlHU

Score

10^/10

purelogstealer quasar moveit persistence spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

P03SkzED.exe

Resource

win10-20240404-en

purelogstealer quasar moveit persistence spyware stealer trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Moveit

C2

193.142.146.212:4782

Mutex

4b1cd0e7-d736-4aba-b4c8-067d2567b03d

Attributes

encryption_key
E12B8859E2195F69A0C4E8D7025D91C844CB8B49
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  P03SkzED.exe
- Size
  
  1.9MB
- MD5
  
  8a1c6ab6aeeec522d4d2d483543cb6ad
- SHA1
  
  9133c7c95c6639c85f5880d97bfa4187905735b7
- SHA256
  
  bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa
- SHA512
  
  86ca27ffa211847d772e2193540eb5da4ad8d6f8d62859cc86970b4053f6968521898ec63aafe4faaa30afbff513c12709bf46b917c5064de45398dab23fcd20
- SSDEEP
  
  49152:gK2O5r4MM1BBE+qTSMBi9Rbpt/aaxJGC/0UhlHLomjqD:gK2O5rfMLByTSMBap9BxJG4zhlHU
Score

10^/10

purelogstealer quasar moveit persistence spyware stealer trojan
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

purelogstealerquasarmoveitpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy