Latest posts tagged with #PureLogs on Bluesky
Cybercriminals are embedding PURELOGS malware in PNG files to evade detection. Stay vigilant against sophisticated phishing attacks. #CyberSecurity #Malware #PURELOGS #Phishing Link: thedailytechfeed.com/cybercrimina...
Directory listing on vastkupan.com with New PO 102456688.exe
UPDATE: Turns out the whole /wp-admin/js/ directory on Västkupan's website allows directory listing. Among the files in that directory is "New PO 102456688.exe", which drops #PureLogs.
🔥 MD5: b2647b263c14226c62fe743dbff5c70a
🔥 C2: 147.124.219.201:65535
https://netresec.com/?b=257eead
Transcript of PureLogs (or PureCrypter) C2 traffic to 65.108.24.103:62050
Do #PureLogs Stealer and #PureCrypter use the same C2 protocol, or is there some way to tell the C2 protocols apart?
C2 servers:
🔥 45.141.233.100:7708
🔥 144.172.91.74:7709
🔥 62.60.235.100:9100
🔥 65.108.24.103:62050
🔥 91.92.120.102:62050
🔥 192.30.240.242:62520
Two more #PureLogs Stealer DLL files found on vastkupan[.]com. The original blog post has been updated.
https://netresec.com/?b=257eead
💧 Dropper connects to legitimate website
📄 Fake PDF is downloaded over HTTPS
💾 Fake PDF is decrypted to a #PureLogs DLL
⚙️ InstallUtil.exe or RegAsm.exe is started
💉 PureLogs DLL is injected into the running process
👾 PureLogs connects to C2 server
netresec.com?b=257eead
PureLogs Forensics
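Added example, not Netresec's code and not from any of the posts: a Python triage pass that turns the IOCs posted above into detection logic over endpoint telemetry. The Sysmon-like event shape (EventID 1 process creation, EventID 3 network connection, Image, Hashes, DestinationIp, DestinationPort) and the sample events are constructed for illustration; the ip:port pairs and the MD5 are the ones listed in the posts. Beyond matching the listed C2 endpoints, it flags any outbound connection from InstallUtil.exe or RegAsm.exe, the two processes the chain above injects the PureLogs DLL into, which also catches a C2 server that is not yet on the list.

```python
"""Turn the #PureLogs IOC posts above into a detection pass over endpoint
telemetry: match connections against the listed C2 ip:port pairs, flag
InstallUtil.exe / RegAsm.exe making *any* outbound connection (the injection
targets in the chain above), and match process creations against the dropper MD5.
"""
import json
import ntpath
import re

# IOC lines copied from the posts above (the only inputs taken from the page).
IOC_TEXT = """
MD5: b2647b263c14226c62fe743dbff5c70a
C2: 147.124.219.201:65535
45.141.233.100:7708
144.172.91.74:7709
62.60.235.100:9100
65.108.24.103:62050
91.92.120.102:62050
192.30.240.242:62520
"""

IP_PORT_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def parse_iocs(text):
    """Return (set of 'ip:port' strings, set of lowercase MD5 hashes) found in text."""
    endpoints = {f"{ip}:{port}" for ip, port in IP_PORT_RE.findall(text)}
    hashes = {h.lower() for h in MD5_RE.findall(text)}
    return endpoints, hashes


PURELOGS_C2, DROPPER_MD5S = parse_iocs(IOC_TEXT)

# .NET utilities the chain above starts and injects the PureLogs DLL into.
INJECTION_TARGETS = {"installutil.exe", "regasm.exe"}

# Constructed sample events in a Sysmon-like JSON shape (hypothetical field names,
# not real logs): EventID 1 = process creation, EventID 3 = network connection.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01",
     "Image": r"C:\Users\anna\Downloads\New PO 102456688.exe",
     "Hashes": "MD5=B2647B263C14226C62FE743DBFF5C70A"},
    {"EventID": 1, "Computer": "WS01",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "ParentImage": r"C:\Users\anna\Downloads\New PO 102456688.exe"},
    {"EventID": 3, "Computer": "WS01",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "DestinationIp": "147.124.219.201", "DestinationPort": 65535},
    {"EventID": 3, "Computer": "WS02",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.51.100.20", "DestinationPort": 443},
    {"EventID": 3, "Computer": "WS03",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
     "DestinationIp": "203.0.113.7", "DestinationPort": 8443},
]


def _image_name(event):
    # ntpath handles Windows paths even when this runs on Linux.
    return ntpath.basename(event.get("Image", "")).lower()


def _destination(event):
    return f"{event['DestinationIp']}:{event['DestinationPort']}"


def c2_hits(events):
    """Network connections whose ip:port is on the PureLogs C2 list."""
    return [(e["Computer"], _image_name(e), _destination(e))
            for e in events
            if e.get("EventID") == 3 and _destination(e) in PURELOGS_C2]


def injected_lolbin_connections(events):
    """InstallUtil.exe / RegAsm.exe making any outbound connection. Neither tool
    needs the network, so this also catches C2 endpoints not yet on the IOC list."""
    return [(e["Computer"], _image_name(e), _destination(e))
            for e in events
            if e.get("EventID") == 3 and _image_name(e) in INJECTION_TARGETS]


def dropper_hash_hits(events):
    """Process creations whose Sysmon-style Hashes field carries a known dropper MD5."""
    hits = []
    for e in events:
        if e.get("EventID") != 1:
            continue
        parts = e.get("Hashes", "").split(",")
        hashes = dict(p.split("=", 1) for p in parts if "=" in p)
        if hashes.get("MD5", "").lower() in DROPPER_MD5S:
            hits.append((e["Computer"], e["Image"]))
    return hits


def triage(events):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "c2_connection": c2_hits(events),
        "lolbin_network": injected_lolbin_connections(events),
        "dropper_hash": dropper_hash_hits(events),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

Because the first stages fetch a fake PDF over HTTPS from a legitimate website, the listed ip:port pairs only help once the injected process calls home; the process-based check is the one that keeps working when the C2 list is stale, at the cost of needing process-to-connection attribution in your telemetry.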
Video: Detecting #PureLogs C2 traffic with #CapLoader
netresec.com?b=256a8c4