General

  • Target

    ae9e658d9382a09027af66d7559d3dde

  • Size

    970KB

  • Sample

    220727-h1abzafab9

  • MD5

    ae9e658d9382a09027af66d7559d3dde

  • SHA1

    bab59888e118e7eaeca5d17201298736481e3b2e

  • SHA256

    1e25495f71e59d51f518564d90b58028c90a9e9acaf0f0f2044e7a67cd22198f

  • SHA512

    84dbd1b4b033bd8bbbda199b0ca5e8f10971b90f32a6fbd144bbbaa65e4b272375f1b8c4b8fc411f539b67a7ef852bc08998dec4695460bef147193cca4fa603

Malware Config

Targets

    • Detect PureCrypter loader

    • Modifies WinLogon for persistence

    • PureCrypter

      PureCrypter is a loader intended to download and execute additional payloads.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks